At around 8pm, on January 26, reports appeared on Weibo and Twitter that users in China trying to access GitHub.com were getting warning messages about invalid SSL certificates. The evidence, listed further down in this post, indicates that this was caused by a man-in-the-middle attack. Full post at https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle One interesting conclusion is that support for HTTP Strict Transport Security in Chrome and Firefox makes a real difference. If man-in-the-middle attacks become more common in China, preventing users from adding exceptions and making the warning messages informative is crucial. We need to find ways to convince users to use browsers that support these safety measures. Currently, around 50% of Internet users in China use either the 360 so-called Safety Browser (which is a very ironic name) or Internet Explorer 6 (yes, it lives on in China). Martin Johnson Founder https://GreatFire.org - Monitoring Online Censorship In China. https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search. https://Unblock.cn.com - We Can Unblock Your Website In China. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE