LaF0rge

@LaF0rge@chaos.social

#Osmocom founder. Mobile Communication expert. Former Linux kernel hacker, freedom fighter. Nerd. #retronetworking. Person with a command-line background. searchable via tootfinder. Director of https://mastodon.social/@sysmocom

LaF0rge, to random

I just stumbled across the "Journal of Occupational Accidents". And yes, this really appears to be a legitimate scientific publication!

LaF0rge, to random

are there any Siemens EWSD experts among my followers? Particular Focus: Hardware configuration; possibly building a (physically) smaller system out of an existing EWSD deployment. #followerpower #retronetworking #ISDN

LaF0rge, (edited) to random

Before the people who print out the internet, there were the people who printed out BTX. Proof: photos of the BTX-Drucker II (presented in DBP Telekom Unterrichtsblätter 12/1990) #retronetworking

LaF0rge, to random

The first time I get an actual cell broadcast / PWS warning on a public cellular network in Germany. Happy to see things are starting to improve...

LaF0rge,

@penguin42 apparently some German official thought conflagration is the proper English word for something I'd translate as a "wide area fire" or "major fire".

dancinyogi, (edited) to random
@dancinyogi@mastodon.sdf.org

Which method of transportation do you prefer?

*I would have loved to add 'other' or other options, but I only have four options available for polls.

LaF0rge,

@dancinyogi you're clearly missing Motorbike in your list!

LaF0rge, to random

given what you, my followers, know about my interests in technology (radio, telecom, retronetworking, embedded, bare-iron, FOSS, OSHW, ...): What kind of podcasts would you recommend me to check out?

jsrailton, to random
@jsrailton@mastodon.social

deleted_by_author

  • LaF0rge,

    @jfmezei @jsrailton "global title" is an address in the worldwide SCCP network (part of SS7). What other systems you can reach with it largely depends on filter policies at other operators/networks, just like in IP networks with packet filters and the like

    LaF0rge,

    @jfmezei @jsrailton so a random global title somewhere is usually not very attractive to surveillance activities. What matters is to have (control over) a global title within one operator network / address range that is white-listed at other operators' systems e.g. for roaming. The attacker can then spoof outbound roaming etc.

    LaF0rge,

    @jfmezei @jsrailton it's more like "crooked MV[N]O or anyone with access to generating traffic from one of their GT can claim that target subscriber is now roaming to crooked MVNO and hence receive all inbound calls/SMS"

    LaF0rge,

    @jfmezei @jsrailton there is no authentication flow between subscriber and home network in classic 2G/3G roaming on SS7! The visited network simply claims the IMSI has registered there, and the home network has no way of verifying this. If the visited network wants to do authentication, and if it cares about the result, is entirely up to the (rogue) visited network!

    LaF0rge,

    @jfmezei @jsrailton while it might ring an alarm (if anyone cared), it still opens a race condition sufficient enough for 2FA SMS to end up elsewhere

    LaF0rge,

    @jfmezei @jsrailton sorry, you are clearly portraying the procedures on the roaming interface wrongly. Please check the GSM MAP specs (TS 29.002). The HPLMN has no way to request the VPLMN to perform any authorization. The decision is entirely in the VPLMN if it ever optionally requests Auth quintuples from HLR via SendAuthInfo, and whether or not it ever uses them.

    LaF0rge,

    @jfmezei @jsrailton @LaF0rge it is perfectly within the 3GPP specs for any VPLMN to simply perform a MAP UpdateLocation procedure for any IMSI of any inbound roaming partner. The HPLMN has no way within the protocol to mandate anything. I'm implementing those protocols and publishing about them for 15+ years.

    LaF0rge,

    @jfmezei @jsrailton there's no need for any "remote provision of your subscription info". The subscription information is stored in the HLR/HSS, not on the SIM. The SIM is merely a token of identifying that subscription.

    LaF0rge,

    @jfmezei @jsrailton I'm not sure how you come to that conclusion. The HPLMN can and will of course have a white-list about which VPLMN is permitted. But that's not authentication, just a white-list.

    LaF0rge,

    @jfmezei @jsrailton I don't know where you are getting your Information from, it clearly does not reflect at all the reality of how 3GPP network technology works. There is no point in continuing this conversation.

    LaF0rge,

    @jfmezei @jsrailton without an IMSI on the card, nothing would ever work. It's impossible to register to any network. In fact, the phone would inform you about a defective SIM if it couldn't read a valid EF.IMSI file on it. Please stop spreading rumors about how cellular technology works.

    LaF0rge,

    @jfmezei @jsrailton I just contest your technical deductions/conclusions, not your user experience. Of course it is e.g. possible to change the IMSI of a card remotely over SIM OTA, as many multi-IMSI solutions have demonstrated for a long time. But the card must have an IMSI with a valid roaming agreement to reach your HPLMN and then they can do OTA and do whatever to the card. So the card clearly is not "blank and devoid of IMSI". Also, no "provisioning info"

    LaF0rge,

    @jfmezei @jsrailton just give up on the term "blank sim". call it a "restricted service SIM for bootstrapping". It's anything but blank. Also, the mapping between phone number and IMSI is done in the core network. your sim has nothing to do with that. Within 3GPP networks the operator can change your phone number(s) all day long and nothing on your SIM changes or even knows about it. IMSI also stays the same. final answer.

    LaF0rge,

    from the network / 3GPP technology point, that SIM is not "inactive". It might be the subscription associated with the IMSI of the card (data stored on HLR/HSS) which is disabled in the core network until you enter the ICCID of the card to some website. That changes nothing on your sim, it just changes some flags in the HLR/HSS database.

    LaF0rge, to linux

    Really curious to see how CVS-223-32233 for #linux #netfilter nf_tables https://seclists.org/oss-sec/2023/q2/133 can be exploited from "unprivileged local users". AFAICT, nf_tables_api goes through nfnetlink, and nfnetlink_rcv() checks for CAP_NET_ADMIN way before the code in nf_tables_api is hit. Disclaimer: I'm not involved with netfilter for >10 years now, so my knowledge might be rusty (no pun intended).

    LaF0rge, to random

    why does nobody seem to sell Intel N100/N200 mainboards / single-board computers? They all appear to be sold as appliances with enclosure. Strange, given the many other embedded x86 SBCs / SoMs for different CPUs. Does #Intel mandate an enclosure for products with N100/N200?

    LaF0rge, to random

    #singapore airport. where I as random user of the free public wifi can get constant >= 30Mbps uplink bandwidth to my servers in Germany - more than many German DSL subscribers can get as paying customers...

    LaF0rge,

    @mrtoto I have good memories of VIE. Used to be my favourite hop back when I was travelling a lot to Taipei. Used to have direct VIE-TPE flights, and VIE is a very convenient small airport to connect through, no long walks (unlike CDG, FRA, ...)
