[liberationtech] Did Syria replace Facebook's security certificate with a forged one?
CAN Consulting
canconsulting at web.de
Fri May 6 02:44:06 PDT 2011
It was correctly understood.
Seems like the Arabs need to learn the hard way that Facebook et al. are
NOT their friends in "social networking" - and why is it bad when the
Syrian (!) gov't can read what Syrians are doing on Facebook, when no one
complains that the US can read what Syrians are doing on Facebook?
(Subpoena ...).
The US can also access the unencrypted data of all the popular social
networks, because they are hosted in the US - and they do it every day.
The Federal agencies can even install trojan horses on people's computers
and not just intercept a SINGLE certificate but - surprise - each and
every encryption.
So what's the point with the Syrians doing basically the same (different
way but same result)?
I thought we were past the "let's blame the 'Axis of Evil' for
everything we do ourselves" mindset.
On 05.05.2011 21:11, Jillian York wrote:
> I think perhaps the person misunderstood - it's the Syrian gov't (via its
> gov't-controlled ISP) faking the certs. It is NOT Facebook doing the
> cert-faking.
>
> On Thu, May 5, 2011 at 12:03 PM, <liberationtech at lewman.us> wrote:
>
>> On Thu, May 05, 2011 at 08:45:05PM +0200, canconsulting at web.de wrote 5.4K
>> bytes in 72 lines about:
>> : Seriously: Can you name at least one advantage of the alleged
>> : certificate faking for Syrian internet users?
>>
>> Your question is confusing. Using faked certs doesn't help Syrian
>> citizens, rather it puts them at risk.
>>
>> However, it does help the government. The govt gets to
>> machine-in-the-middle all ssl traffic to facebook, decrypt it,
>> parse/record/store the unencrypted data, and then go arrest/kill people
>> with proof of content against the state. Or the data can be used to
>> unmask social networks of people friendly to the cause of protesting,
>> etc.
>>
>> This same mitm has happened in Tunisia, Iran, Burma, and suspected in
>> many other countries. In fact, you can buy hardware to do this from US
>> companies, like Bluecoat or Packet Forensics. Or just roll your own
>> with one of the many mitmproxy projects out there, like
>> http://mitmproxy.org/.
>>
>> --
>> Andrew
>> pgp key: 0x74ED336B
>> _______________________________________________
>> liberationtech mailing list
>> liberationtech at lists.stanford.edu
>>
>> Should you need to change your subscription options, please go to:
>>
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>> If you would like to receive a daily digest, click "yes" (once you click
>> above) next to "would you like to receive list mail batched in a daily
>> digest?"
>>
>> You will need the user name and password you receive from the list
>> moderator in monthly reminders.
>>
>> Should you need immediate assistance, please contact the list moderator.
>>
>> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>>