Hi,

maybe this story (which is still ongoing) will be of interest to some people around here.

I am blogging (in the Slovenian language, but you can use Google Translate) about the second largest mobile operator in Slovenia. In short, I have noticed they are doing MITM on HTTPS connections and it turned out that they are using Secucloud DNS filtering with quite a stupid implementation - they were sending requests to blacklisted domains through a proxy, which did MITM with a self-signed certificate. And a few days after that I found out that their mobile network has been inserting additional HTTP headers: X-MCCMNC with the value “29340” (mobile country code and network code) and - oh yes, baby - X-Asmp-User-Msisdn, which in fact contained the phone number of the subscriber.

There is much more of course. I would say it is quite fun reading, however it is really a bad practice and - my personal opinion - terrible incompetence in maintaining their own network.

Here are the links:
# https://telefoncek.si/2020/05/12/prestrezanje-v-omrezju-a1/
# https://telefoncek.si/2020/05/18/nenavadno-dogajanje-v-omrezju-a1/
# https://telefoncek.si/2020/05/24/poseganje-v-promet-uporabnikov-operaterja-bob/

If there is interest, I can try to compile an English version.

Regards,

Matej

--
Blog: https://telefoncek.si
PGP Fingerprint: CAB3 88B5 69F0 226C 7A5A 8C16 535C 4A5A 666F 1CCE
PGP Key: 666F1CCE <https://keyserver.ubuntu.com/pks/lookup?search=0x535C4A5A666F1CCE&fingerprint=on&op=vindex>
_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
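An added example, not part of the original message: a check for the header insertion described above, comparing the headers a client sent with what arrived at a plain-HTTP echo server the tester controls. The host name, sample request and phone number are constructed placeholders; only the two header names and the value 29340 come from the message.

```python
import re

# Headers the test client actually sent (constructed sample).
SENT = {"Host": "example.org", "User-Agent": "probe/1.0", "Accept": "*/*"}

# Request as logged by the echo server (constructed sample; the phone
# number is a made-up placeholder, not a real subscriber).
RECEIVED_RAW = (
    "GET /echo HTTP/1.1\r\n"
    "Host: example.org\r\n"
    "User-Agent: probe/1.0\r\n"
    "Accept: */*\r\n"
    "X-MCCMNC: 29340\r\n"
    "X-Asmp-User-Msisdn: 38600000000\r\n"
    "\r\n"
)

MCCMNC_RE = re.compile(r"^\d{5,6}$")      # 3-digit MCC + 2- or 3-digit MNC
MSISDN_RE = re.compile(r"^\+?\d{8,15}$")  # E.164-style subscriber number


def parse_headers(raw):
    """Return {lowercased name: value} from a raw HTTP/1.x request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:   # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def classify(value):
    """Guess what an injected value discloses, based on its shape."""
    if MCCMNC_RE.match(value):
        return "network-id"
    if MSISDN_RE.match(value):
        return "subscriber-number"
    return "other"


def injected_headers(sent, received_raw):
    """Headers present on arrival that the client never sent."""
    sent_names = {name.lower() for name in sent}
    received = parse_headers(received_raw)
    return {n: classify(v) for n, v in received.items() if n not in sent_names}


if __name__ == "__main__":
    for name, kind in injected_headers(SENT, RECEIVED_RAW).items():
        print(f"{name}: {kind}")
```

The comparison only works over unencrypted HTTP, since an on-path element cannot add headers inside a TLS session it has not intercepted.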
