senooken JP Social
  • FAQ
  • Login
senooken JP Socialはsenookenの専用分散SNSです。

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. rysiek@mastodon.technology's status on Thursday, 13-Oct-2022 18:54:24 JST rysiek rysiek

    Looks like #Telegram leaks usernames in #TLS SNI:
    https://nitter.it/fo0_/status/1580146963579740160

    🤦♀️

    TLS SNI is sent in *clear text*, because it is a mechanism that informs the server hosting multiple websites on a single IP address which TLS certificate to present to the client.

    Putting username in SNI makes it *trivial* for anyone listening on the wire to track who and when is communicating with Telegram servers. Add some timing analysis and one can reason about who is talking to whom.

    Metadata kills.

    #Infosec

    In conversation Thursday, 13-Oct-2022 18:54:24 JST from mastodon.technology permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      https://twitter.com/fo0_/status/1580146963579740160
      from fo0

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    senooken JP Social is a social network, courtesy of senooken. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All senooken JP Social content and data are available under the Creative Commons Attribution 3.0 license.