On Friday, May 19, 2023, 12:00:21 PM GMT+2, <swinog-request@lists.swinog.ch> wrote:
Send swinog mailing list submissions to
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
You can reach the person managing the list at
When replying, please edit your Subject line so it is more specific
than "Re: Contents of swinog digest..."
Today's Topics:
1. Re: Sicherheit von SS7 - mit Schweiz-Bezug (Ralph Krämer)
----------------------------------------------------------------------
Message: 1
Date: Thu, 18 May 2023 22:33:17 +0200 (CEST)
Subject: [swinog] Re: Sicherheit von SS7 - mit Schweiz-Bezug
Content-Type: text/plain; charset=utf-8
about time ;-)
----- Am 15. Mai 2023 um 13:31 schrieb Florin Sfetea via swinog swinog@lists.swinog.ch:
> Hello all,
>
> I was reading this old(2018) ENISA Report [
> |
> ]
> Might help in some way but reading it had reminded me of ARP spoofing/poisoning
> attacks which even today are still used and work in a lot of networks that I
> have been. :)
>
> One year later I had open a case with Salt where I requested a public statement
> that they had fixed/mediated the issues discovered up to that time(March 2019)
> or at least that a remediation plan was in place.
>
> Someone from Support answered that " The introduction of 5G will only take place
> if data security is guaranteed for our customers and we can assume that the
> security issue will not lead to a delay in the introduction of 5G. "
>
> I was not satisfied ::)) with the answer and requested an escalation
>
> They eventually closed my case in July 2019 with:
>
> " Dear Sir,
>
>
> Salt follows industry best practices in terms of security for its entire mobile
> infrastructures and improves constantly the protection of its mobile
> infrastructures and customers. The case you mention is known and has been
> addressed accordingly.
> "
> No public statement nor such other mentions of which fix was exactly addressed.
>
> I don't have anything with any mobile provider. At that time it was just happen
> to be Salt. I move from time to time to different other ones.
>
> I think we should have here in Switzerland more or less a same similar to ENISA
> organization that should supervise and perform regular audits on mobile
> providers. Melani/NCSC would that fit your bill?
>
> I never really had time to further test if any of those vulnerabilities or newer
> where actually fixed. Someone should definitely do it. Free for fame or payed
> from a government branch is to
> ]
>
>
> Regards,
> Florin
>
> _______________________________________________
------------------------------
Subject: Digest Footer
_______________________________________________
------------------------------
End of swinog Digest, Vol 219, Issue 11
***************************************