Spectrum ISP SSL/TLS Interception Bug

https://andrewgazelka.notion.site/SSL-Issue-2c46ce90d17f80a9bc30ff3402f7f865

27•sleepingreset•2mo ago

Comments

ycombiredd•2mo ago

Is it naive of me to ask why it is being just casually accepted that a major ISP is mitm'ing TLS traffic?

server_man3000•2mo ago

They are also probably collecting DNS records from millions of customers too or inspecting SNI on TLS handshakes to know what sites each customer is visiting.

ECH and DOH people!

eqvinox•2mo ago

> "Encrypted Client Hello (ECH) - Enabled, limited effect"

Not sure what TFA means with this, reads like ECH doesn't help

Coincidentally, this article's webpage breaks copy & paste in its tables for presumed reasons of being "cutesy" with table click behavior. Can people please stop doing idiotic shit like this?

gruez•2mo ago

None of that requires messing with the connection though. You can't draw just passively observe and get the same info.

kmbfjr•2mo ago

They most certainly are. Large ISPs use Nokia Deepfield or Kentik for network monitoring, observability and user metrics. Both work due to volumes of metadata from net flows and DNS.

My gut tells me the broken intercept is a Nokia product.

schwag09•2mo ago

This is correct, it's even open source: https://github.com/deepfield/dnsflow.

J0nL•2mo ago

This and similar issues have been an ongoing issue with Spectrum going back to before Congress felt the need to call them (along with the other telcos) out for failing to secure their networks. I've noticed handshake issues at one time or another with webpages, DoH and dnscrypt, and VPN with TLS over UDP on a non-stand port.

During one particularly annoying episode where it effectively became a DOS I had my router log all dropped packets and then rebooted it. Immediately after reconnecting it drops a few incoming martians and invalid packets as if they were still expecting an active connection where there shouldn't have been any. The IPs were mostly upstream endpoints or gateways but at least once it was from a residential IP instead.

Between the weird arbitrary nature of the SSL/TLS handshake issues and the possible spoofing from upstream gateways I get the impression this is much more than just a bug.

euroderf•2mo ago

OT: Letter-spacing horrible. Backslash: SSL\TLS.

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests

Wellness Hotels Discovery Application

NASA delays moon rocket launch by a month after fuel leaks during test

Sebastian Galiani on the Marginal Revolution

Ask HN: Are we at the point where software can improve itself?

Binance Gives Trump Family's Crypto Firm a Leg Up

Reverse engineering Chinese 'shit-program' for absolute glory: R/ClaudeCode

Indian Culture

Show HN: Maravel-Framework 10.61 prevents circular dependency

The age of a treacherous, falling dollar

Ask HN: AI Generated Diagrams

Microsoft Account bugs locked me out of Notepad – are Thin Clients ruining PCs?

Show HN: A delightful Mac app to vibe code beautiful iOS apps

Show HN: Gemini Station – A local Chrome extension to organize AI chats

Welfare states build financial markets through social policy design

Market orientation and national homicide rates

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants

Matthew Shulman, co-creator of Intellisense, died 2019 March 22

Show HN: SuperLocalMemory – AI memory that stays on your machine, forever free

Show HN: Pyrig – One command to set up a production-ready Python project

Fast Response or Silence: Conversation Persistence in an AI-Agent Social Network [pdf]

C and C++ dependencies: don't dream it, be it

Show HN: Vbuckets – Infinite virtual S3 buckets

Open Molten Claw: Post-Eval as a Service

New York Budget Bill Mandates File Scans for 3D Printers

The End of Software as a Business?

Exploring 1,400 reusable skills for AI coding tools