[liberationtech] French Government doing SSL MITM
andrew cooke
andrew at acooke.org
Sun Dec 8 08:14:48 PST 2013
Google detected it and informed the French -
http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html
Despite it being used on a private network, and with user consent, it is
reportedly a violation of procedures. Google classify it as a "serious
breach".
Andrew
On Sun, Dec 08, 2013 at 06:05:42PM +0200, Maxim Kammerer wrote:
> On Sun, Dec 8, 2013 at 2:34 PM, Fabio Pietrosanti (naif)
> <lists at infosecurity.ch> wrote:
> > a very dirty fact happened yesterday that still didn't have the
> > appropriate attention.
>
> An actual summary: someone at French MoF used the wrong certificates
> to sign domains for an internal DPI proxy, and the agency in charge of
> network security then notified Google in order to revoke the relevant
> certificates. The end.
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
More information about the liberationtech
mailing list