DamianTV
05-30-2014, 04:37 PM
http://www.theregister.co.uk/2014/05/29/spy_platform_zero_day_exposes_cops_wiretapped_call s/
National security boosters have just taken a kick to the ego, with revelations that hackers can access exactly the kind of wiretap kit they believe should be deployed in every ISP and telco around the world.
The zero-day that's turned up in kit from New Jersey outfit NICE would give attackers access to wiretapped voice recordings along with names and email addresses for suspects monitored by police.
The flaws affect the NICE's Recording eXpress voice recording product, which targets police and law enforcement agencies.
Prolific fail flaunter, SEC Consult Vulnerability Lab, quietly disclosed nine flaws to NICE and went public after five holes remained unpatched nearly six months after being reported.
The flaws included a root backdoor and remote unauthenticated access to intercepted voice recordings. Hackers could also break into the voice recording server and move laterally to launch further attacks against internal voice virtual local area networks.
The security bods strongly recommended cops stop using the platform until the flaws were fixed and further testing was done.
NICE comms director Erik Snider said customers were notified of the flaws and downplayed the risk of attack.
"We have been addressing the issues based on priority, and can confirm that we have already resolved almost all of them, and expect the remaining fixes to be completed shortly," Snider said.
...
When you build doors, everyone has the ability to walk through that door. Its just a matter of having or finding the right key. The real problem is what lies on the other side of that door becomes a temptation for people to open the door in the first place.
Basically, all the stuff the NSA and Cops use to spy on us Mundanes will be used by everyone to spy on us Mundanes. Somebody tell that guy to get his finger out of his nose.
National security boosters have just taken a kick to the ego, with revelations that hackers can access exactly the kind of wiretap kit they believe should be deployed in every ISP and telco around the world.
The zero-day that's turned up in kit from New Jersey outfit NICE would give attackers access to wiretapped voice recordings along with names and email addresses for suspects monitored by police.
The flaws affect the NICE's Recording eXpress voice recording product, which targets police and law enforcement agencies.
Prolific fail flaunter, SEC Consult Vulnerability Lab, quietly disclosed nine flaws to NICE and went public after five holes remained unpatched nearly six months after being reported.
The flaws included a root backdoor and remote unauthenticated access to intercepted voice recordings. Hackers could also break into the voice recording server and move laterally to launch further attacks against internal voice virtual local area networks.
The security bods strongly recommended cops stop using the platform until the flaws were fixed and further testing was done.
NICE comms director Erik Snider said customers were notified of the flaws and downplayed the risk of attack.
"We have been addressing the issues based on priority, and can confirm that we have already resolved almost all of them, and expect the remaining fixes to be completed shortly," Snider said.
...
When you build doors, everyone has the ability to walk through that door. Its just a matter of having or finding the right key. The real problem is what lies on the other side of that door becomes a temptation for people to open the door in the first place.
Basically, all the stuff the NSA and Cops use to spy on us Mundanes will be used by everyone to spy on us Mundanes. Somebody tell that guy to get his finger out of his nose.