| ▲ | Fnoord a day ago | |
We merely bought the honeypot, Your Honor! We didn't know what we were buying! Perfect cover story /slowclap Secret services use companies as cover all the time. Nothing new there. The conspiracy is that it is a dragnet for the data, and given the data is first send plaintext to Zivver (see the Dutch FTM article I already linked), it isn't far-fetched. Looking at the current geopolitical situation, it also isn't far-fetched. It even fits in the Israeli secret services' M.O. Actually, anyone who uses Zivver can find these vulnerabilities. I was worried about this, and reported it to my former employer (while still employed), but alas I did not have a PoC and they had a lot of other security related incidents so this was low priority. Also, this was at a time when the company was still privately owned by the Dutch founders. My hypothesis is that someone working for such an organization passed it to the Israeli secret service, who then got motivated to buy this honeypot. Chinese do something similar: release some piece of technology, never provide any meaningful updates to the product, and voila it is insecure as hell (yet 'we didn't know' provides plausible deniability). I saw this first-hand with KRACK vulnerability. Also... Kiteworks [1] is the name of the company. Not sure why you keep calling it Kitenet. | ||