top | item 46947523

(no title)

illithid0 | 20 days ago

I've worked as a security consultant with one or two companies (who shall remain nameless) whose sole product was a hardware device with a black-box software stack meant to be a plug-and-play lawful intercept compliance solution. Telecoms should be able to buy it, install it, and access a web panel to do their government-mandated business.

In the three or four year I worked with them, they would only let me do penetration testing of their user network, and never the segments where the developers were, and never the product itself. In speaking with their security team (one guy - shocker) during compliance initiatives, it was very clear to me that the product itself was not to be touched per the explicit direction of senior leadership.

All I can say is that if the parts of their environment they did let us touch are any indication of the state of the rest of their assets, that device was compromised a long time ago.

discuss

red-iron-pine|20 days ago

when I lived in NoVA I had a roommate that installed and serviced boxes that sound suspiciously similar.

SSL crackers to MITM all ISP user traffic

Ms-J|20 days ago

Certainly these devices exist and are installed daily to further steal our info, but are you sure these devices weren't DPI boxes? If you could give a little more detail I might know since I've worked with this type of equipment.

unethical_ban|20 days ago

Yuck.