Got a question? Call 1800 853 276   |   

TeLeScope is a method to eavesdrop on TLS (hence the specific capitalisation in TeLeScope) communications between a virtualised server and a client without leaving any forensic evidence behind.

The attack capability was discovered by Bitdefender, who suggest that a CIO who outsources their virtualised infrastructure to third party providers should assume that all communications can be or has been snooped on by anyone knowledgeable enough to take advantage of the flaw.

“…we decided to publically disclose this in detail, as the social, economic and political stakes of passive traffic monitoring in virtualised environments are overwhelming”, states Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender.

The following Help Net Security article discusses the ramifications in relatively simple language, while Radu Caragea’s whitepaper discusses the method technically.

References:The Help Net Security article – Hypervisor wiretap feature can leak data from the cloudRadu Caragea’s whitepaper – TeLeScope – real-time peering into the depths of TLS traffic from the hypervisor

Are you protected by a Certified Ethical Hacker?

Terry

Want to learn more about how to protect your IT information and privacy? Attend the EC-Council Certified Ethical Hacker course at DDLS.

Feature Articles

Our AIICT brand expands portfolio with ten new courses to help address ICT skills shortage
The Australian Institute of ICT (AIICT) has introduced a new series of industry certified bootcamp programs and nationally-recognised qualifications to meet the surging demand for skilled ICT professionals in Australia.  The bootcamps support the Morrison Government’s recently announced Digital Skills Organisation (DSO) pilot, which recognises the importance of non-accredited training to support the development of skills of the future workforce. The bootcamp programs run for six months and comprise of several vendor-specific certifications. The courses include ‘Cloud Computing Certified Professional’, ‘Certified Microsoft Full Stack Developer’, ‘Certified Artificial Intelligence Professional’, ‘Growth Marketing Professional’ and ‘Certified Project Management Professional’. The decision to introduce the bootcamps follows the VET sector’s increasing move away from nationally recognised qualifications to vendor-specific, industry-certified training. According to the National Centre for Vocational Education Research, preference for accredited training courses has declined steadily in recent years, with employers increasingly less satisfied that these courses provide their employees with the most relevant and important skills for their business. This has led many organisations to preference non-accredited training provided by private technology vendors such as Microsoft and AWS.
Read more...