Re: [guardian-dev] weird network activity on mobile network

2020-05-25 Thread Hans-Christoph Steiner

Interesting, thanks for the report.

.hc

Matej Kovacic via guardian-dev:
> Hi,
> 
> maybe this story (which is still ongoing) will be of interest to some
> people around here.
> 
> I am blogging (in Slovenian language, but you can use Google Translate)
> about the second largest mobile operator in Slovenia. In short, I have
> noticed they are doing MITM on HTTPS connections and it turned out that
> they are using Secucloud DNS filtering with quite a stupid implementation
> - they were sending requests to blacklisted domains through a proxy, which
> did MITM with a self-signed certificate.
> 
> And a few days after that I found out that their mobile network has been
> inserting additional HTTP headers: X-MCCMNC with the value “29340”
> (mobile country code and network code) and - oh yes, baby -
> X-Asmp-User-Msisdn, which in fact contained the phone number of the
> subscriber.
> 
> There is much more of course. I would say it is quite fun reading,
> however it is really a bad practice and - my personal opinion - terrible
> incompetence of maintaining their own network.
> 
> Here are the links:
> 
> # https://telefoncek.si/2020/05/12/prestrezanje-v-omrezju-a1/
> # https://telefoncek.si/2020/05/18/nenavadno-dogajanje-v-omrezju-a1/
> # https://telefoncek.si/2020/05/24/poseganje-v-promet-uporabnikov-operaterja-bob/
> 
> 
> If there is an interest, I can try to compile an English version.
> 
> Regards,
> Matej
> 
> 
> ___
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscr...@lists.mayfirst.org
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex=0xE9E28DEA00AA5556


[guardian-dev] weird network activity on mobile network

2020-05-25 Thread Matej Kovacic via guardian-dev
Hi,

maybe this story (which is still ongoing) will be of interest to some
people around here.

I am blogging (in Slovenian language, but you can use Google Translate)
about the second largest mobile operator in Slovenia. In short, I have
noticed they are doing MITM on HTTPS connections and it turned out that
they are using Secucloud DNS filtering with quite a stupid implementation
- they were sending requests to blacklisted domains through a proxy, which
did MITM with a self-signed certificate.

And a few days after that I found out that their mobile network has been
inserting additional HTTP headers: X-MCCMNC with the value “29340”
(mobile country code and network code) and - oh yes, baby -
X-Asmp-User-Msisdn, which in fact contained the phone number of the
subscriber.

There is much more of course. I would say it is quite fun reading,
however it is really a bad practice and - my personal opinion - terrible
incompetence of maintaining their own network.

Here are the links:

# https://telefoncek.si/2020/05/12/prestrezanje-v-omrezju-a1/
# https://telefoncek.si/2020/05/18/nenavadno-dogajanje-v-omrezju-a1/
# https://telefoncek.si/2020/05/24/poseganje-v-promet-uporabnikov-operaterja-bob/


If there is an interest, I can try to compile an English version.

Regards,
Matej
-- 

Blog: https://telefoncek.si
PGP Fingerprint: CAB3 88B5 69F0 226C 7A5A 8C16 535C 4A5A 666F 1CCE
PGP Key: 666F1CCE
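
Added example, not part of the original message or of the linked blog posts: one way a subscriber can check their own connection for the header injection described above is to compare the headers a test client sent with the headers an echo endpoint they control reports receiving over plain HTTP. The endpoint name, the client headers and the phone number below are constructed placeholders; only the two header names and the value "29340" come from the message.

```python
import re

# E.164 numbers have at most 15 digits; the lower bound of 8 is an assumption.
MSISDN_RE = re.compile(r"^\+?\d{8,15}$")
# MCC is 3 digits and MNC is 2 or 3 digits, so MCC+MNC is 5 or 6 digits.
MCCMNC_RE = re.compile(r"^\d{5,6}$")


def _norm(headers):
    """HTTP header names are case-insensitive; compare on lower-cased names."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def classify(name, value):
    """Rough guess at what an unexpected header discloses."""
    if MCCMNC_RE.match(value):
        return "network-id"
    if MSISDN_RE.match(value) or "msisdn" in name:
        return "subscriber-id"
    return "other"


def find_injected(sent, received):
    """Return (name, value, kind) for headers added or altered in transit."""
    sent_n, recv_n = _norm(sent), _norm(received)
    findings = []
    for name, value in sorted(recv_n.items()):
        if name not in sent_n:
            findings.append((name, value, classify(name, value)))
        elif sent_n[name] != value:
            findings.append((name, value, "modified"))
    return findings


# Constructed sample: headers the test client sent ...
SENT = {"Host": "echo.example", "User-Agent": "hdr-check/1.0", "Accept": "*/*"}
# ... and what a hypothetical echo endpoint reported receiving.
RECEIVED = {
    "host": "echo.example",
    "user-agent": "hdr-check/1.0",
    "accept": "*/*",
    "X-MCCMNC": "29340",
    "X-Asmp-User-Msisdn": "38600000000",  # placeholder number, constructed
}

if __name__ == "__main__":
    for name, value, kind in find_injected(SENT, RECEIVED):
        print(f"{kind:14} {name}: {value}")
```

The comparison only works over plain HTTP; over HTTPS an on-path network cannot add headers unless it also terminates TLS, which would show up as a certificate error instead.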

