[liberationtech] French Government doing SSL MITM
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Sun Dec 8 04:34:56 PST 2013
Hi,
A very dirty fact happened yesterday that still hasn't received the
appropriate attention.
The French Government ANSSI made a MITM against Google SSL/TLS:
http://googleonlinesecurity.blogspot.it/2013/12/further-improving-digital-certificate.html
Google does not mention who ANSSI is.
ANSSI is the French CyberSecurity agency, closely working with defense
and intelligence agencies:
http://www.ssi.gouv.fr/
ANSSI declares that they are generating fake certificates for the purpose
of inspecting SSL traffic:
"ANSSI has found that the intermediate CA certificate was used in a
commercial device, on a private network, to inspect encrypted traffic
with the knowledge of the users on that network."
Google detected the MITM and blocked it:
https://code.google.com/p/chromium/issues/detail?id=326787
ANSSI issued a statement that it was a "Human Error" from someone from
the Finance Ministry:
http://www.ssi.gouv.fr/en/the-anssi/events/revocation-of-an-igc-a-branch-808.html
So, the summary of the story can be read as follows:
"A French Governmental Agency working on cybersecurity with defense and
intelligence agencies admitted that they are doing SSL MITM and that,
due to a human error, they have been caught"
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org