[liberationtech] Man-in-the-middle attack on GitHub in China
Martin Johnson
greatfire at greatfire.org
Tue Jan 29 20:11:48 PST 2013
At around 8pm, on January 26, reports appeared on Weibo and Twitter that
users in China trying to access GitHub.com were getting warning messages
about invalid SSL certificates. The evidence, listed further down in this
post, indicates that this was caused by a man-in-the-middle attack. Full
post at https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle
One interesting conclusion is that support for HTTP Strict Transport
Security in Chrome and Firefox makes a real difference. If
man-in-the-middle attacks become more common in China, preventing users
from adding exceptions and making the warning messages informative is
crucial. We need to find ways to convince users to use browsers that
support these safety measures. Currently, around 50% of Internet users in
China use either the 360 so-called Safety Browser (which is a very ironic
name) or Internet Explorer 6 (yes, it lives on in China).
Martin Johnson
Founder
https://GreatFire.org - Monitoring Online Censorship In China.
https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
https://Unblock.cn.com - We Can Unblock Your Website In China.
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list