Iceweasel 33 on Parabola is vulnerable. So yes, the Chinese can attack Parabola users. But then, Verisign is also there, so the USAmericans can as well. Should we get rid of TLS already? <g>
== hk

-------- Forwarded Message --------
Subject: [liberationtech] China Internet Network Information Center is a trusted root CA
Date: Tue, 28 Oct 2014 14:27:32 +0800
From: Percy Alpha <[email protected]>
Reply-To: liberationtech <[email protected]>
To: liberationtech <[email protected]>

I'm Percy from GreatFire.org, the author of the report of the iCloud MITM in China <http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/apples-icloud-service-suffers-cyber-attack-in-china-putting-passwords-in-peril/> last week. The attacks used a self-signed certificate. But I believe that targeted attacks using the CNNIC CA are very possible, if they have not happened already.

Microsoft, Apple, Ubuntu and Firefox trust CNNIC (China Internet Network Information Center) as a root CA. CNNIC has implemented (and tried to mask) internet censorship, produced malware and has very bad security practices. Tech-savvy users in China have been protesting the inclusion of CNNIC as a trusted certificate authority for years.

You can go to https://en.greatfire.org/blog/2014/oct/apple-and-microsoft-trust-chinese-government-protect-your-communication to see more details and test whether you're vulnerable. We also present a method to revoke all dubious Chinese CAs.

Percy Alpha (PGP <https://en.greatfire.org/contact#alt>)
GreatFire.org Team
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
