[liberationtech] China Internet Network Information Center is a trusted root CA
Percy Alpha
percyalpha at gmail.com
Mon Oct 27 23:27:32 PDT 2014
I'm Percy from GreatFire.org; the author of the report of the iCloud MITM
in China
<http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/apples-icloud-service-suffers-cyber-attack-in-china-putting-passwords-in-peril/>
last
week. The attacks used self-signed certificate. But I believe that targeted
attacks using CNNIC CA is very possible if not happened already.
Microsoft, Apple, Ubuntu and Firefox trust CNNIC(China Internet Network
Information Center) as root CA. CNNIC has implemented (and tried to mask)
internet censorship, produced malware and has very bad security practices.
Tech-savvy users in China have been protesting the inclusion of CNNIC as a
trusted certificate authority for years.
You can go to
https://en.greatfire.org/blog/2014/oct/apple-and-microsoft-trust-chinese-government-protect-your-communication
to see more details and test whether you're vulnerable. We also present
method to revoke all dubious Chinese CA.
Percy Alpha(PGP <https://en.greatfire.org/contact#alt>)
GreatFire.org Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141028/87716bc0/attachment.html>
More information about the liberationtech
mailing list