[maeon3]

The FBI is using a 40 year old technology that can be hacked by whistling 2600 hz into a phone and get all bent out of shape when someone records it?

sounds like an agenda to setup the stage to get censorship back on the table. The FBI wants these breaches, then they can point to it and say "we need censorship to take down these videos because we cant be bothered with any security precautions".

[lawnchair_larry]

The FBI is using a 40 year old technology that can be hacked by whistling 2600 hz into a phone and get all bent out of shape when someone records it?

No.

[Karunamon]

>The FBI is using a 40 year old technology that can be hacked by whistling 2600 hz into a phone and get all bent out of shape when someone records it?

Systems haven't been susceptible to that attack for years, and it doesn't matter anyways! They could have been using a fucking private satellite protected with three layers of the best ciphers known to man, it still would have been broken by them getting the conference number and password, like they did here.

[mjwalshe]

The question is why did the call participants not use something your have in addition to username and password to access the call - you know like the RSA token thingy I use to log into my work network from home?

[Karunamon]

I'm not sure a conferencing system like that even exists. It's definitely a good idea, but I've never heard of enterprise gear with that kind of feature.

[dade_]

They absolutely exist and for a sensitive conference call such as this, each user should have had an individual pin and a role call should have been played (playback of each recorded name). Double logins would cause suspicion as well as non-recorded names. Also, all modern systems have a web interface that allows you to see the participants on you call. In some cases you can even bring up the phone number of each participant on your phone display. When it comes to telephony, it is nearly impossible to get important security measures enabled because people want everything to work the way it did for the last 15 years. Also, users absolutely refuse to educate themselves, it is just a phone, what is there to know. Yet look at all of the outrage over people logging into voicemail or performing theft of service due to trivial passwords, CLID spoofing and now simply dialing into a conference bridge.

There should be laws against people entitled to sensitive information sharing via indefensibly incompetent methods. That might make agents thing twice before doing something this stupid.

[mjwalshe]

well it would be the obvious solution to securing conferencing systems and I cant see any reason you could not use the same hardware we use for VPN access to authenticate you to video conferencing system just ask for a second pin generated by the securid system on sign in.