all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Messaging Service Wiretap Discovered through Expired TLS Cert

Add to bookmarks
Oct. 27, 2023, 11:01 a.m. | Bruce Schneier

Schneier on Security www.schneier.com

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate:


The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.


However, jabber.ru found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.


The expired certificate was instead discovered on a …

attack cert certificate certificates covert expired expired certificates found jabber man-in-the-middle man-in-the-middle attacks messaging notification privacy russian server servers service story surveillance tls tls certificate wiretap xmpp

Visit resource

More from www.schneier.com / Schneier on Security

Friday Squid Blogging: Squid Purses an hour ago | www.schneier.com
blog blogging can guidelines +6
My TED Talks 4 hours ago | www.schneier.com
conferences controls data internet +9
Rare Interviews with Enigma Cryptanalyst Marian Rejewski 11 hours ago | www.schneier.com
crack cryptanalysis enigma history of cryptography +5
The UK Bans Default Passwords 1 day, 11 hours ago | www.schneier.com
act and telecommunications ban bans +19
AI Voice Scam 2 days, 11 hours ago | www.schneier.com
artificial intelligence bbc money scam +4
WhatsApp in India 3 days, 11 hours ago | www.schneier.com
courts encryption end end-to-end +5
Whale Song Code 4 days, 11 hours ago | www.schneier.com
basic broadcast code cold +18
Friday Squid Blogging: Searching for the Colossal Squid 1 week ago | www.schneier.com
blog blogging can cruise +7
Long Article on GM Spying on Its Cars’ Drivers 1 week ago | www.schneier.com
article cars companies data +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs