[liberationtech] Man-in-the-middle attack on GitHub in China
x z
xhzhang at gmail.com
Tue Jan 29 21:04:12 PST 2013
This is a great piece Martin! Thanks for the thorough analysis, explanation
and documentation.
I have two comments:
1. It is a bit sad that the petition "People who help internet censorship,
builders of Great Firewall in China for example, should be denied entry to
the U.S."
<https://petitions.whitehouse.gov/petition/people-who-help-internet-censorship-builders-great-firewall-china-example-should-be-denied-entry-us/5bzJkjCL>
only got 9,024 signatures after 6 days. Yes, the petition is merely
symbolic, but it *is* symbolic. I do hope significantly more people can
sign it; otherwise, the GFW operators and Chinese authorities can laugh their
way home: "See, so few people care!" I hope activists on this mailing list
can help spread the word; 26 days remaining.
2. Even though HTTPS traffic is nontrivial to tackle, GFW has a much
simpler solution for it. GFW can deteriorate the user experience of HTTPS
websites, e.g. by injecting random resets into HTTPS connections. People can
still use the site, but it becomes slow and unstable, and gradually more and
more will switch away to domestic replacements. It is a slow process,
but can be a successful one.
Cheers,
Tom
2013/1/29 Martin Johnson <greatfire at greatfire.org>
> At around 8pm, on January 26, reports appeared on Weibo and Twitter that
> users in China trying to access GitHub.com were getting warning messages
> about invalid SSL certificates. The evidence, listed further down in this
> post, indicates that this was caused by a man-in-the-middle attack. Full
> post at https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle
>
> One interesting conclusion is that support for HTTP Strict Transport
> Security in Chrome and Firefox makes a real difference. If
> man-in-the-middle attacks become more common in China, preventing users
> from adding exceptions and making the warning messages informative is
> crucial. We need to find ways to convince users to use browsers that
> support these safety measures. Currently, around 50% of Internet users in
> China use either the 360 so-called Safety Browser (which is a very ironic
> name) or Internet Explorer 6 (yes, it lives on in China).
>
> Martin Johnson
> Founder
> https://GreatFire.org - Monitoring Online Censorship In China.
> https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
> https://Unblock.cn.com - We Can Unblock Your Website In China.