Piece of shit company I refuse to do business with.

Requires physical access and network MITM on a single aftermarket head unit. So spooky!

To be fair, Linux has not been especially awesome at suspended/hibernate/resume, historically.

I’m fine with the effort bar being selecting an instance. If someone can’t get beyond that, there’s probably not much they have to say I’d be interested in.

What I see from hexbear trolls is an attempt to usurp leftism and turn it into something very weird. They came hard for Biden and Kamala, but don’t really say anything negative about Trump. They talk about “libs” as though the word hasn’t changed which group it refers to over the course of the last century.

It is quite clear to me that they do this to advance Russian interests and global fascism. They will, of course, deny it, but they are simply manipulators.

Yes, are you unaware of how Russian propaganda works?

They don’t care, mission was accomplished in November of last year.

I assume you would be operating VNFs in the context of using these parameters, which implies that any security concerns would be mitigated through the use of the same.

Can’t wait for health and life insurance companies to secretly start making decisions about coverage based on this leaked data.

Yeah, security is not just operating expense, it also slows down revenue generation. Bad combo for presenting to the C suite.

The problem, as I see it, is that telcos have simply way too many silos and technologies in use to even begin to understand their entire attack surface. I don’t think the Lawful Intercept functions on the devices that are likely compromised are even capable of sending logs to a SIEM. It’s a black box that only a small subset of people at the telco work with and law enforcement has essentially automated access to it once a warrant (or warrantless) wiretap commences.

What if the bespoke hack the CSO is describing is something like backward serialization of a circuit emulation method or some other tunneling technology leveraging a legacy protocol? There’s all kinds of crazy shit in telco networks with lots of capabilities, lots of which go unused. The folks securing those networks do not understand the devices and protocols well enough to ask the right questions, probe the right directions, get the right people to do the right things…

Combine all that with what’s typically an adversarial relationship between security teams and the people building and operating the network and you get a nice shit soufflé waiting to be eaten by APTs.

It was reported long ago that foreign adversaries had compromised telco and financial networks so deeply that they would likely never be eradicated. I don’t think the situation has improved much.

Why didn’t we think of this??

That stuff has been removed from major telco networks. This was the Lawful Intercept functionality being hacked on some sort of device.

Put them on M365 or Google Workspace. Do not buy a server.

The article described the hackers having access to what’s called Lawful Intercept capabilities. In the telecom equipment I’ve worked with, this takes the form of voice call tapping, full packet capture of data, or just a capture of connections made.

If they had unfettered access to this functionality, they could have spied on anyone at length. Government officials, C suite people at companies…anyone.

Why isn’t this system air gapped from the internet?

This will surely plug all the holes.

These click bait statements hackers use are so effective. Women especially are targeted by the “we hacked your computer and have scandalous pictures and videos of your private time last night!” I can’t wait for the people responsible for this shit to be behind bars.

Am I missing it? There’s seemingly no write up on what the vulnerability actually is, they’re essentially just saying that some poorly managed SSH servers get hacked and then the attackers do stuff.

Edit: oops, reread it. Well, this isn’t really a huge surprise. Just terribly simple root credentials and remote root login enabled.

Maybe they’re handing out FIDO2 hardware tokens during the in person meeting.