[liberationtech] Man-in-the-middle attack on GitHub in China

Martin Johnson greatfire at greatfire.org
Tue Jan 29 20:11:48 PST 2013


At around 8pm, on January 26, reports appeared on Weibo and Twitter that
users in China trying to access GitHub.com were getting warning messages
about invalid SSL certificates. The evidence, listed further down in this
post, indicates that this was caused by a man-in-the-middle attack. Full
post at https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle

One interesting conclusion is that support for HTTP Strict Transport
Security in Chrome and Firefox makes a real difference. If
man-in-the-middle attacks become more common in China, preventing users
from adding exceptions and making the warning messages informative is
crucial. We need to find ways to convince users to use browsers that
support these safety measures. Currently, around 50% of Internet users in
China use either the 360 so-called Safety Browser (which is a very ironic
name) or Internet Explorer 6 (yes, it lives on in China).

Martin Johnson
Founder
https://GreatFire.org - Monitoring Online Censorship In China.
https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
https://Unblock.cn.com - We Can Unblock Your Website In China.
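
The HSTS behaviour referred to in the message, as an added example that is not part of the original post: a minimal sketch of an RFC 6797 known-host store, showing why a certificate error becomes a hard failure with no exception button once a host's policy has been recorded, and why a response received over a connection with certificate errors cannot set or clear that policy. The class and function names are hypothetical, and the sketch assumes no preload list.

```python
# Added example (not from the original post); names are hypothetical.
import re
import time

def parse_sts(header):
    """Parse a Strict-Transport-Security value -> (max_age, include_subdomains) or None."""
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                      # a directive must not appear twice
            return None
        seen[name] = value.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                           # max-age is required
    return int(seen["max-age"]), "includesubdomains" in seen

class HstsStore:
    """Known HSTS hosts, as a browser would keep them between visits."""
    def __init__(self):
        self._hosts = {}                      # host -> (expiry_epoch, include_subdomains)

    def note_response(self, host, header, secure_transport_ok, now=None):
        """Record a policy only if it arrived over TLS with no certificate errors."""
        now = time.time() if now is None else now
        policy = parse_sts(header)
        if not secure_transport_ok or policy is None:
            return False                      # an interceptor cannot set or clear HSTS
        max_age, subs = policy
        if max_age == 0:
            self._hosts.pop(host.lower(), None)
        else:
            self._hosts[host.lower()] = (now + max_age, subs)
        return True

    def is_known(self, host, now=None):
        now = time.time() if now is None else now
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):          # exact host first, then each parent domain
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

def on_certificate_error(store, host, now=None):
    """RFC 6797 section 12.1: no user recourse for a known HSTS host."""
    return "hard-fail" if store.is_known(host, now) else "warning-with-bypass"
```

A host that has never been visited over a clean connection still gets the bypassable warning, which is the gap browser preload lists exist to close.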