What the Wireshark captures are showing is the OVI app talking to their cloud (I would speculate the app is just updating its catalog or something of that sort).
I did not see even a mention of the word fingerprint. Let alone comparing the "fake" with the "real".

Do I need to continue :)

Krassi

On Thu, Jan 10, 2013 at 2:21 PM, Jeffrey Altman <[email protected]> wrote:

> When you look at what the Nokia Browser does in the non-TLS case you see
> that the Nokia Browser like the Kindle Browser and Opera Mobile use a
> dedicated proxy server to avoid DNS latency and permit
> cached/compressed/reformatted web pages to be transmitted to the mobile
> device. This is performed by the Nokia Browser including the desired
> target URL as a private http header.
>
> What I believe is occurring for https connections is that Nokia Browser
> is establishing a TLS connection to the Nokia Proxy and continuing to
> send the target URL as a private http header. What is unclear is how
> the Nokia Browser interacts with the proxy under this situation. Is the
> Proxy providing a tunnel for the client or is it acting as a MITM?
>
> This does not appear to me to be a certificate being misused.
>
> Jeffrey Altman
>
>
> On 1/10/2013 4:53 PM, ianG wrote:
>
>> Just on that theme of multiple attacks from different vectors leading to
>> questions at the systemic level, another certificate failure just got
>> posted on slashdot:
>>
>> http://mobile.slashdot.org/story/13/01/09/1910210/nokia-redirecting-traffic-on-some-of-its-phones-including
>>
>>
>> "On Wednesday, security professional Gaurang Pandya outlined how Nokia
>> is hijacking Internet browsing traffic on some of its phones. As a
>> result, the company technically has access to all your Internet content,
>> including sensitive data that is sent over secure connections (HTTPS),
>> such as banking credentials and pretty much any other usernames and
>> passwords you use to login to services on the Internet. Last month,
>> Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a
>> proxy, instead of directly hitting the requested server. The connections
>> are either redirected to Nokia/Ovi proxy servers if the Nokia browser is
>> used, and to Opera proxy servers if the Opera Mini browser is used (both
>> apps use the same User-Agent)."
>>
>> Which Nokia apparently admits:
>>
>> "When temporary decryption of HTTPS connections is required on our proxy
>> servers, to transform and deliver users’ content, it is done in a secure
>> manner."
>>
>> http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
>>
>> Pictures above seem to indicate VeriSign as the CA, but whether that
>> means they know about the MITMing is not clear.
>>
>> iang
>>
>
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
