[liberationtech] Man-in-the-middle attack on GitHub in China

[x z]

2013/1/30 Matt Mackall <mpm at selenic.com>

> On Wed, 2013-01-30 at 13:15 -0600, Matt Mackall wrote:
> > On Wed, 2013-01-30 at 09:55 -0800, x z wrote:
> > > @Nadim, I think breaking in a CA is a rather serious crime that GFW
> would
> > > refrain from committing;
> >
> > Unlike, say, breaking into the Tibetan government-in-exile, Google and
> > hundreds of other companies?
>
> From today's news:
>
>
> https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html
>
> Interesting. The following from this article is alarming:

"Security experts found evidence that the hackers stole the corporate
passwords for every Times employee and used those to gain access to the
personal computers of 53 employees, most of them outside The Times’s
newsroom."

Does Times store these passwords in plain text?

But still, hacking of this kind is very different in nature to "breaking
into a CA and forge valid certificates". These targeted hacking incidents
can be traced to China, but Chinese authority can easily deny the state
sponsorship. For the github case, China's motivation is to disrupt the
entire site, so if China "breaks into a CA and forges valid certificates",
it is going to be deployed to the entire GFW, which, Chinese government can
be held responsible. If they rely on CNNIC, then they'll risk CNNIC's root
CA status getting revoked.

However, like many people have mentioned, China may reserve CNNIC for
highly targeted attacks, i.e. on individual dissidents.

Best,

 --
> Mathematics is the supreme nostalgia of our time.
>
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130130/9d524484/attachment.html>