Reading about the recent SMTP and SSH vulnerabilities, I get the impression that open source projects, proprietary vendors and government agencies such as @certbund don't know how to talk to each other. They should at least have something like a red phone.
Please comment here if you have a constructive idea on how to improve the situation! #SECconsulting seems to assume that everyone uses #VINCE, a CMU service I had never heard of.
#SMTP:
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
https://www.postfix.org/smtp-smuggling.html
@chpietsch @certbund @AlisonW then the challenge is to hack the red phone…
Interestingly, I learned the other day that the red phone was made up for dramatic purposes in Dr Strangelove - following which the US and USSR eventually ended up adopting a system of telex machines for said purpose, because less room for mistranslation.
@sam @certbund @AlisonW This is the kind of information I love the Fediverse and Wikipedia for.
https://en.wikipedia.org/wiki/Moscow%E2%80%93Washington_hotline
BTW I just learnt that TOR used to stand for Telex-On-Radio: https://en.wikipedia.org/wiki/Teleprinter
@chpietsch @AlisonW The Eric Schlosser mentioned in that first Wikipedia article is where I got it from and his book “Command and Control”. Much of which had my internal voice screaming “arrrrggh no you dickheads”.
Sobering stuff, great read
https://www.penguinrandomhouse.com/books/303337/command-and-control-by-eric-schlosser/