On Thu, Jan 10, 2013 at 6:02 PM, Krassimir Tzvetanov <[email protected]> wrote:
> What the wireshark captures are showing is the OVI app talking to
> their cloud (I would speculate the app is just updating its catalog or
> something of that sort).
>
> I did not see even a mention of the word fingerprint. Let alone
> comparing the "fake" with the "real". Do I need to continue :)

From Ian's initial post (below). It begs the question, why would Nokia even comment or admit to tampering with the secure channel?

>>> Which Nokia apparently admits:
>>>
>>> "When temporary decryption of HTTPS connections is required on our proxy
>>> servers, to transform and deliver users’ content, it is done in a secure
>>> manner."
>>>
>>> http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/

Not that it matters to folks like Mozilla.....

Jeff

> On Thu, Jan 10, 2013 at 2:21 PM, Jeffrey Altman
> <[email protected]> wrote:
>> When you look at what the Nokia Browser does in the non-TLS case you see
>> that the Nokia Browser like the Kindle Browser and Opera Mobile use a
>> dedicated proxy server to avoid DNS latency and permit
>> cached/compressed/reformatted web pages to be transmitted to the mobile
>> device. This is
>> performed by the Nokia Browser including the desired target URL as a
>> private http header.
>>
>> What I believe is occurring for https connections is that Nokia Browser
>> is establishing a TLS connection to the Nokia Proxy and continuing to
>> send the target URL as a private http header. What is unclear is how
>> the Nokia Browser interacts with the proxy under this situation. Is the
>> Proxy providing a tunnel for the client or is it acting as a MITM?
>>
>> This does not appear to me to be a certificate being misused.
>>
>> Jeffrey Altman
>>
>>
>> On 1/10/2013 4:53 PM, ianG wrote:
>>
>>> Just on that theme of multiple attacks from different vectors leading to
>>> questions at the systemic level, another certificate failure just got
>>> posted on slashdot:
>>>
>>> http://mobile.slashdot.org/story/13/01/09/1910210/nokia-redirecting-traffic-on-some-of-its-phones-including
>>>
>>>
>>> "On Wednesday, security professional Gaurang Pandya outlined how Nokia
>>> is hijacking Internet browsing traffic on some of its phones. As a
>>> result, the company technically has access to all your Internet content,
>>> including sensitive data that is sent over secure connections (HTTPS),
>>> such as banking credentials and pretty much any other usernames and
>>> passwords you use to login to services on the Internet. Last month,
>>> Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a
>>> proxy, instead of directly hitting the requested server. The connections
>>> are either redirected to Nokia/Ovi proxy servers if the Nokia browser is
>>> used, and to Opera proxy servers if the Opera Mini browser is used (both
>>> apps use the same User-Agent)."
>>>
>>> Which Nokia apparently admits:
>>>
>>> "When temporary decryption of HTTPS connections is required on our proxy
>>> servers, to transform and deliver users’ content, it is done in a secure
>>> manner."
>>>
>>> http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
>>>
>>> Pictures above seem to indicate VeriSign as the CA, but whether that
>>> means they know about the MITMing is not clear.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
