Re: Snowden on the Twitters

30 Sep 2015

      It is behind Cloudflare's MiTM service which adds web services names to their existing certs as alternative Names.

So your SSL/TLS connection is terminated on Cloudflare's web application firewalls and NOT the web servers that you think is terminating it.

Given CF handle over 4% of web traffic it is a great place to collect and collate what was encrypted traffic for monitoring and anti-privacy purposes.

Cheers,
Oshwm.

On 30 September 2015 07:25:42 BST, Georgi Guninski <guninski@guninski.com> wrote:
...
On Wed, Sep 30, 2015 at 01:26:18AM -0400, grarpamp wrote:
...
https://twitter.com/Snowden
https://freedom.press/ of which Snowden is director has weird
certificate, sharing a lot of Alt names:
Alt names for ssl7272.cloudflare.com (freedom.press certificate):
DNS Name: ssl7272.cloudflare.com
DNS Name: *.beauty88.com.cn
DNS Name: *.beauty88.com.tw
DNS Name: *.betteroff.net
DNS Name: *.elderslie-babylon-fastfood.com
DNS Name: *.elfourno.com
DNS Name: *.errolskebabhouse.com
DNS Name: *.everestbhansaghar.com
DNS Name: *.everestdine.com
DNS Name: *.expresskebabcrayford.com
DNS Name: *.fafawispizza.com
DNS Name: *.familykebab.com
DNS Name: *.familykebabhouse.com
DNS Name: *.fanellispizza.com
DNS Name: *.fanellistakeaway.com
DNS Name: *.farsleyfastfood.com
DNS Name: *.fastfoodstoke.com
DNS Name: *.favoritechickengrays.com
DNS Name: *.favourfastfood.com
DNS Name: *.freedom.press
DNS Name: *.harpqualified.com
DNS Name: *.haykobagdat.com
DNS Name: *.helptohelp.se
DNS Name: *.mcmistanbul.com
DNS Name: *.ploughinn.com.au
DNS Name: *.seomate.com
DNS Name: *.zenithsecure.com
DNS Name: beauty88.com.cn
DNS Name: beauty88.com.tw
DNS Name: betteroff.net
DNS Name: elderslie-babylon-fastfood.com
DNS Name: elfourno.com
DNS Name: errolskebabhouse.com
DNS Name: everestbhansaghar.com
DNS Name: everestdine.com
DNS Name: expresskebabcrayford.com
DNS Name: fafawispizza.com
DNS Name: familykebab.com
DNS Name: familykebabhouse.com
DNS Name: fanellispizza.com
DNS Name: fanellistakeaway.com
DNS Name: farsleyfastfood.com
DNS Name: fastfoodstoke.com
DNS Name: favoritechickengrays.com
DNS Name: favourfastfood.com
DNS Name: freedom.press
DNS Name: harpqualified.com
DNS Name: haykobagdat.com
DNS Name: helptohelp.se
DNS Name: mcmistanbul.com
DNS Name: ploughinn.com.au
DNS Name: seomate.com
DNS Name: zenithsecure.com
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.