Spectrum ISP SSL/TLS Interception Bug

https://andrewgazelka.notion.site/SSL-Issue-2c46ce90d17f80a9bc30ff3402f7f865

27•sleepingreset•2mo ago

Comments

ycombiredd•2mo ago

Is it naive of me to ask why it is being just casually accepted that a major ISP is mitm'ing TLS traffic?

server_man3000•2mo ago

They are also probably collecting DNS records from millions of customers too or inspecting SNI on TLS handshakes to know what sites each customer is visiting.

ECH and DOH people!

eqvinox•1mo ago

> "Encrypted Client Hello (ECH) - Enabled, limited effect"

Not sure what TFA means with this, reads like ECH doesn't help

Coincidentally, this article's webpage breaks copy & paste in its tables for presumed reasons of being "cutesy" with table click behavior. Can people please stop doing idiotic shit like this?

gruez•1mo ago

None of that requires messing with the connection though. You can't draw just passively observe and get the same info.

kmbfjr•1mo ago

They most certainly are. Large ISPs use Nokia Deepfield or Kentik for network monitoring, observability and user metrics. Both work due to volumes of metadata from net flows and DNS.

My gut tells me the broken intercept is a Nokia product.

schwag09•1mo ago

This is correct, it's even open source: https://github.com/deepfield/dnsflow.

J0nL•1mo ago

This and similar issues have been an ongoing issue with Spectrum going back to before Congress felt the need to call them (along with the other telcos) out for failing to secure their networks. I've noticed handshake issues at one time or another with webpages, DoH and dnscrypt, and VPN with TLS over UDP on a non-stand port.

During one particularly annoying episode where it effectively became a DOS I had my router log all dropped packets and then rebooted it. Immediately after reconnecting it drops a few incoming martians and invalid packets as if they were still expecting an active connection where there shouldn't have been any. The IPs were mostly upstream endpoints or gateways but at least once it was from a residential IP instead.

Between the weird arbitrary nature of the SSL/TLS handshake issues and the possible spoofing from upstream gateways I get the impression this is much more than just a bug.

euroderf•1mo ago

OT: Letter-spacing horrible. Backslash: SSL\TLS.

Atlas: Manage your database schema as code

Geist Pixel

Show HN: MCP to get latest dependency package and tool versions

The better you get at something, the harder it becomes to do

Show HN: WP Float – Archive WordPress blogs to free static hosting

Show HN: I Hacked My Family's Meal Planning with an App

Sony BMG copy protection rootkit scandal

The Future of Systems

NASA now allowing astronauts to bring their smartphones on space missions

Claude Code Is the Inflection Point

Show HN: MicroClaw – Agentic AI Assistant for Telegram, Built in Rust

Show HN: Omni-BLAS – 4x faster matrix multiplication via Monte Carlo sampling

The AI-Ready Software Developer: Conclusion – Same Game, Different Dice

AI Agent Automates Google Stock Analysis from Financial Reports

Voxtral Realtime 4B Pure C Implementation

I Was Trapped in Chinese Mafia Crypto Slavery [video]

U.S. CBP Reported Employee Arrests (FY2020 – FYTD)

Show HN: I built a free UCP checker – see if AI agents can find your store

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

Study of 150 developers shows AI generated code no harder to maintain long term

Spotify now requires premium accounts for developer mode API access

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player

Starter Template for Ory Kratos