TLS – Server logfile compromise

Whenever you use TLS encrypted messaging tools

  • AOL Instant messenger
  • Blackberry Messenger
  • Ebuddy
  • Facebook Messages
  • QQ
  • Skype
  • SnapChat
  • Telegram Standard chats
  • Viber
  • Virtru
  • WhatsApp (old protocol)
  • XMPP-servers
  • Yahoo Messenger

there’s a “trusted” man in the middle. The trust in this context is “trust us, or don’t use our services”. Data aggregation is real; Facebook is being sued over analyzing private conversations, and the best quote about trustworthiness of server seeing messages comes from Mark Zuckerberg, the CEO of Facebook:

Zuck: They “trust me”
Zuck: Dumb fucks.


What’s worse, the five applications colored red provide content and metadata to NSA via FBI.

Slide leaked by whistleblower Edward Snowden.

Slide leaked by whistleblower Edward Snowden

The following diagram illustrates how subpoenas, NSLs and PRISM bypass TLS encryption completely. Other HSAs most likely have similar access to their domestic companies, and since many times HSAs co-operate, obtaining data from servers in allied nations is trivial.

In the cases where server is in neutral or hostile country, HSAs may compromise the server with malware to steal log files in real time or periodically.

TLS RSA Server log exfiltration


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s