This is directly relevant to the IRC discussion about pinning and
ChatSecure from yesterday.

----- Original message -----
From: Percy Alpha <[email protected]>
To: liberationtech <[email protected]>
Subject: [liberationtech] China Internet Network Information Center is a
trusted root CA
Date: Tue, 28 Oct 2014 14:27:32 +0800

I'm Percy from GreatFire.org; the author of the report of the iCloud MITM
in China
<http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/apples-icloud-service-suffers-cyber-attack-in-china-putting-passwords-in-peril/>
last week. The attacks used a self-signed certificate. But I believe that
targeted attacks using the CNNIC CA are very possible, if they have not
happened already.

Microsoft, Apple, Ubuntu and Firefox trust CNNIC (China Internet Network
Information Center) as root CA. CNNIC has implemented (and tried to mask)
internet censorship, produced malware and has very bad security practices.
Tech-savvy users in China have been protesting the inclusion of CNNIC as a
trusted certificate authority for years.

You can go to
https://en.greatfire.org/blog/2014/oct/apple-and-microsoft-trust-chinese-government-protect-your-communication
to see more details and test whether you're vulnerable. We also present a
method to revoke all dubious Chinese CAs.

Percy Alpha (PGP <https://en.greatfire.org/contact#alt>)
GreatFire.org Team


-- 
  Nathan of Guardian
  [email protected]