[liberationtech] Did Syria replace Facebook's security certificate with a forged one?
CAN Consulting
canconsulting at web.de
Thu May 5 11:45:05 PDT 2011
Facebook has security? *scnr*
Seriously: Can you name at least one advantage of the alleged
certificate faking for Syrian internet users?
On 05.05.2011 20:32, Rebecca MacKinnon wrote:
> http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/print/
>
> Did Syria replace Facebook's security certificate with a forged one?
>
> Posted By *Anas Qtiesh* On 5 May 2011 @ 1:11 am In *
> Advocacy,Feature,News,Syria,activism* | *No
> Comments<http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/print/#comments_controls>
> *
>
> *Ana Souri *[I'm Syrian in Arabic] tumblr user is
> claiming<http://anasouri.tumblr.com/post/5197803121>
> [1][ar] that Syrian Telecom Ministry has replaced Facebook's security
> certificate with a forged one that makes it easy to spy on users, record
> their passwords, and view their private content.
>
> The post notes that the browser would alert users to the untrusted
> certificate issue, but says that most people would allow an exception for
> the suspicious certificate because they might not really understand what's
> going on. This coincides with multiple Syrian users reporting inability to
> access the site at all suspecting it was blocked again.
>
> *Ana Souri *explained how to check for the authenticity of the certificate
> and linked to the company that issues Facebook's original SSL certificate:
>
> Tools-> Page Info
> then press the security tab
> then click on view certificate
>
> المفروض تكون مأصدرة من من هالموقع:[should be released from this site]
> http://www.digicert.com/welcome/who-uses-digicert.htm [2]
>
> The following image shows a comparison between the fake certificate (left)
> and the original one (right).
> “]<http://advocacy.globalvoicesonline.org/wp-content/uploads/2011/05/certificate.jpg>
> [3]
>
> Fake vs. Original SSL certificates. Courtesy of Ana Souri. [click to enlarge
> Affected users should locate and remove the exception by doing the following
> steps:
>
> Tools -> Options -> Advanced -> Encryption -> View Certificates -> Servers
>
> There, they would be able to locate and delete the exceptions. It's also
> recommended that users use anonymity and security tools such as
> TOR<https://www.torproject.org/>
> [4] to connect and then change their password.
>
> *Disclaimer*: While the above post is being circulated with breathtaking
> speed among Syrian internet users, I'm still trying to verify the claims
> explained above as we don't have concrete proof of their validity beyond
> that tumblr post. If you have info you want to share on the topic, please
> use the contact form to reach me directly, or leave a comment on the post
> and I will update the article with any relevant info.
> ------------------------------
>
> Article printed from Global Voices Advocacy: *
> http://advocacy.globalvoicesonline.org*
>
> URL to article: *
> http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/
> *
>
> URLs in this post:
>
> [1] is claiming: *http://anasouri.tumblr.com/post/5197803121*
>
> [2] http://www.digicert.com/welcome/who-uses-digicert.htm: *
> http://www.digicert.com/welcome/who-uses-digicert.htm*
>
> [3] Image: *
> http://advocacy.globalvoicesonline.org/wp-content/uploads/2011/05/certificate.jpg
> *
>
> [4] TOR: *https://www.torproject.org/*
More information about the liberationtech
mailing list