As security nerd working within telecom agreed. Nobody really cares about security issues. And when people already struggle to care about the issues it gets even worse when fixing some of the issues (such as SS7 vulns) requires coordination with telcos around the world. cape[1] at least seems like its a breath of fresh air within the space.

[1] - cape.co

Can confirm. It’s not even nonchalance, but outright hostility to security because that sounds like work and change. And if there’s anyone who hates change, it’s telcom. They still resent having to learn voip and it could have kids in college at this point.

Hi, CEO of Cape here. Great insights. Salt Typhoon is just the latest example of how fragile these systems are. Vulnerabilities in protocols like SS7 are just the tip of the iceberg, and the incentives to fix them are weak. Telcos prioritize uptime and revenue collection over security, and addressing these attack surfaces requires coordination between multiple entities—something that is slow and complicated. The industry tends to accept these risks rather than truly mitigate them.

cape.co marketing sounds suspiciously like the cia front in Switzerland in the late 90s.

"hey you who needs privacy, here's something that somehow costs even less than the ones selling your data"

I'll have to try to find a video of the HOPE presentation where I first heard about SS7 and how riddled it was with known vulnerabilities, my jaw hit the floor.

> (I didn't expect Hacker News to notice my blog at all.)

Your blog actually gets posted somewhat regularly [0]. I actually remembered it, because it’s one of the rare cases where I like the "cute" illustrations.

[0]: https://hn.algolia.com/?q=https%3A%2F%2Fsoatok.blog%2F