Hi all,

While not directly about email, details were recently published
about a successful MiTM attack against an XMPP server. The attacker
was able to decrypt TLS communication without notice (from
both sides, the server and the client) and was successful for at
least three months, see

    https://notes.valdikss.org.ru/jabber.ru-mitm/

In short: the attacker used a valid LE certificate (requested by
themselves) to intercept traffic. The victims were services hosted
on Hetzner and Linode, and it seems to be the German government's
action (not confirmed, but if true, it never will be).

IMO, that attack can be successful on any TLS service (including
email) and in any place (clouds, own, ...), thus it is worth being
aware of it, as your service may not be as private as one might
think.

regards

-- 
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
