[guardian-dev] Fwd: [liberationtech] China Internet Network Information Center is a trusted root CA
Nathan of Guardian
nathan at guardianproject.info
Tue Oct 28 09:45:59 EDT 2014
This is directly relevant to the IRC discussion about pinning and
ChatSecure from yesterday.
----- Original message -----
From: Percy Alpha <percyalpha at gmail.com>
To: liberationtech <liberationtech at lists.stanford.edu>
Subject: [liberationtech] China Internet Network Information Center is a
trusted root CA
Date: Tue, 28 Oct 2014 14:27:32 +0800
I'm Percy from GreatFire.org; the author of the report of the iCloud
MITM
in China
<http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/apples-icloud-service-suffers-cyber-attack-in-china-putting-passwords-in-peril/>
last
week. The attacks used self-signed certificate. But I believe that
targeted
attacks using CNNIC CA is very possible if not happened already.
Microsoft, Apple, Ubuntu and Firefox trust CNNIC(China Internet Network
Information Center) as root CA. CNNIC has implemented (and tried to
mask)
internet censorship, produced malware and has very bad security
practices.
Tech-savvy users in China have been protesting the inclusion of CNNIC as
a
trusted certificate authority for years.
You can go to
https://en.greatfire.org/blog/2014/oct/apple-and-microsoft-trust-chinese-government-protect-your-communication
to see more details and test whether you're vulnerable. We also present
method to revoke all dubious Chinese CA.
Percy Alpha(PGP <https://en.greatfire.org/contact#alt>)
GreatFire.org Team
--
Liberationtech is public & archives are searchable on Google. Violations
of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at companys at stanford.edu.
--
Nathan of Guardian
nathan at guardianproject.info
More information about the Guardian-dev
mailing list