this post was submitted on 07 Dec 2024
336 points (98.0% liked)

The fun part is they don't know the extent of the compromise or how long it has been going on.

What happened is that CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn't a one-time breach. They know that China has control over an unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering their tracks so even getting a sample of malware is hard.

Because of all this, CISA is now recommending that people use encrypted messengers.

[–] nifty@lemmy.world 96 points 2 months ago (1 children)

This is why the old guard of tech and privacy was against a lot of the shenanigans you routinely encounter in any app or device. Bonus, the S in IoT stands for security.

[–] And009@reddthat.com 24 points 2 months ago

Security is last thing about Internet of thingS

[–] jas0n@lemmy.world 91 points 2 months ago (2 children)

Apparently, the hackers exploited the backdoor that was provided for "lawful surveillance" in the 3G spec. Imagine that.

[–] manicdave 50 points 2 months ago (1 children)

Lol.

Seven years ago I spent hours trying to explain to my MP that this would happen if they weakened encryption and put in back doors.

He seemingly couldn't get his head round the fact that you have to assume foreign adversaries have access to everything in transit and they're not going to be worried about longer prison sentences designed to make up for weaker security.

I should send him an email asking if he understands the argument now it's coming from an American in a suit and not just one of the plebs.

[–] possiblylinux127@lemmy.zip 5 points 2 months ago* (last edited 2 months ago)

You absolutely should

Also include links to the human rights abuse done by the Chinese police. And the fact that South Korea almost just turned into a dictatorship.

[–] possiblylinux127@lemmy.zip 11 points 2 months ago (1 children)

My understanding is that the scope is totally unknown. I'm sure they exploited the crap out of those systems.

[–] cannedtuna@lemmy.world 14 points 2 months ago

At first, the F.B.I. and other investigators believed that China’s hackers used stolen passwords to focus mostly on the system that taps telephone conversations and texts under court orders. It is administered by a number of the nation’s telecommunications firms, including the three largest — Verizon, AT&T and T-Mobile. But in recent days, investigators have discovered how deeply China’s hackers had moved throughout the country by exploiting aging equipment and seams in the networks connecting disparate systems.

https://www.nytimes.com/2024/11/21/us/politics/china-hacking-telecommunications.html

Doesn’t look like they know (or are willing to share specifics as to) the full scope of the hack, but they seem to have a pretty good idea.

[–] Console_Modder@sh.itjust.works 31 points 2 months ago* (last edited 2 months ago) (4 children)

So what would be an encrypted messenger? Telegram or a Matrix app like Element? Asking cuz I've been kinda hinting to my friends that maybe we should move away from Facebook Messenger, but all we do is share memes and YouTube videos... Occasionally we'll fuck with their stupid AI and make it write all responses in cuneiform or call everyone "shitass"

Edit: I can't spell for shit

[–] NaibofTabr@infosec.pub 57 points 2 months ago (2 children)
[–] peopleproblems@lemmy.world 26 points 2 months ago

And it's open source!

[–] Console_Modder@sh.itjust.works 15 points 2 months ago (1 children)

I've been leaning towards Matrix/Element, but I'll check out Signal and see what everyone else thinks. Thanks dood!

[–] kn33@lemmy.world 18 points 2 months ago

Signal is pretty easy to get people into, too, I feel like.

[–] possiblylinux127@lemmy.zip 24 points 2 months ago (1 children)

Matrix is not always encrypted.

Signal, Simplex chat or any other well vetted messenger. Avoid Telegram as it isn't encrypted and is tied to Russia.

[–] Sailing7@lemmy.ml 3 points 2 months ago* (last edited 2 months ago) (1 children)

Whut? When is Matrix not encrypted sometimes? Genuine question - I'm a Matrix newbie and I thought that all being encrypted was the whole point O.o

[–] possiblylinux127@lemmy.zip 3 points 2 months ago* (last edited 2 months ago) (1 children)

On the transport level it is encrypted but not on the server. To get E2EE you need to turn it on.

[–] msage@programming.dev 7 points 2 months ago

It's been on by default for many years now.

[–] devfuuu@lemmy.world 13 points 2 months ago (1 children)
[–] VeganCheesecake@lemmy.blahaj.zone 2 points 2 months ago* (last edited 2 months ago)

I'd argue Threema. The server code isn't open source, but the apps are auditable. You can use it without any other identifiers (phone number, email are optional). It comes from a private company, but they have had a good track record.

Edit: They also have a version on F-Droid, without proprietary components, that uses their own push protocol instead of Google's.

[–] marcos@lemmy.world 25 points 2 months ago (1 children)

What, they weren't recommending encrypted communication before?

[–] AnarchoSnowPlow@midwest.social 59 points 2 months ago (1 children)

They didn't want to compromise their ability to spy on us easily.

[–] scrubbles@poptalk.scrubbles.tech 12 points 2 months ago (2 children)

Note even with all of this they only recommend they use encrypted messaging. We should merrily go along with fb messenger or sms or whatever they swear is good.

[–] dzervas@lemmy.world 3 points 2 months ago

btw messenger isn’t the worst case scenario. 1-1 chats are e2ee.

it’s still facebook and it sucks, but it’s not as bad as SMS/calls

[–] SendMePhotos@lemmy.world 21 points 2 months ago (2 children)
[–] possiblylinux127@lemmy.zip 53 points 2 months ago* (last edited 2 months ago) (2 children)

It's not about one breach

CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn't a one-time breach. They know that China has control over an unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering their tracks so even getting a sample of malware is hard. They are constantly evolving and adapting it so it is very tricky to pinpoint and clean systems.

Because of all this, CISA is now recommending that people use encrypted messengers. Usually the government wants unfeathered access to data so that's how you know it is very bad.

[–] corsicanguppy@lemmy.ca 14 points 2 months ago (2 children)

unfeathered

Bone apple tea?

[–] Albbi@lemmy.ca 5 points 2 months ago (2 children)
[–] Anticorp@lemmy.world 3 points 2 months ago

Finkle is Einhorn!

[–] postmateDumbass@lemmy.world 2 points 2 months ago (1 children)
[–] Boxscape@lemmy.sdf.org 2 points 2 months ago

Should of, would of, could of.


Do you have a link to the report?

[–] solrize@lemmy.world 17 points 2 months ago (1 children)
[–] TropicalDingdong@lemmy.world 6 points 2 months ago (1 children)
[–] Ephera@lemmy.ml 5 points 2 months ago

NaCl Cyclone.

[–] Anticorp@lemmy.world 1 points 2 months ago* (last edited 2 months ago) (1 children)

How much of this was delivered through the TikTok app?

[–] Nastybutler@lemmy.world 18 points 2 months ago (1 children)

None. It was built into the hardware. TikTok isn't telecommunications related

[–] ForgotAboutDre@lemmy.world 5 points 2 months ago (1 children)

This was caused by lowest bidder decision making. Along with a tolerance for critical systems designed, developed and manufactured outside of North America and Western Europe. If a country doesn’t have a history of liberal democracy, they can never be fully trusted.

[–] possiblylinux127@lemmy.zip 1 points 2 months ago

I think trust is the problem, honestly. Trust less and you won't have to worry as much.
