You are referencing the Guardian which is not the original source. I'm referencing the original report from Volkskrant, which has access to the Capgemini security audit.
The Capgemini report stated:
- They had accessed KPN's network without authorization and from China in 2009. They circumvented the default password policy from KPN.
- They could have eavesdropped, because they had an application that enabled it, which was forbidden.
Also, the Dutch statement of KPN that the Guardian mentioned was not "adding that none of its suppliers had “unauthorised, uncontrolled or unlimited access to our networks and systems”", as the article states.
The literal statement was (in Dutch):
> "Geen enkele leverancier van KPN heeft 'ongeautoriseerde, ongecontroleerde en ongelimiteerde' toegang tot de netwerken en systemen, of is in staat om KPN-klanten af te luisteren of tapinformatie in te zien."
Which is misleading, since it means: "Currently, no supplier has 'unauthorized and uncontrolled and unlimited' access to our networks and systems." This can be true, because they changed a lot because of the security audit that got leaked.
https://www.volkskrant.nl/nieuws-achtergrond/huawei-kon-alle... (Google cache is possible if you want to translate it, FYI)
PS. I'm a native Dutch speaker. There's a whole discussion about the misleading statement from KPN here: https://tweakers.net/nieuws/180642/tweede-kamer-wil-opnieuw-...