Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Did Syria replace Facebook's security certificate with a forged one?

CAN Consulting canconsulting at web.de
Thu May 5 11:45:05 PDT 2011


Facebook has security? *scnr*

Seriously: Can you name at least one advantage of the alleged
certificate faking for Syrian internet users?




On 05.05.2011 20:32, Rebecca MacKinnon wrote:
> http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/print/
> 
> Did Syria replace Facebook's security certificate with a forged one?
> 
> Posted By *Anas Qtiesh* On 5 May 2011 @ 1:11 am In *
> Advocacy,Feature,News,Syria,activism* | *No
> Comments<http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/print/#comments_controls>
> *
> 
> *Ana Souri *[I'm Syrian in Arabic] tumblr user is
> claiming<http://anasouri.tumblr.com/post/5197803121>
>  [1][ar] that Syrian Telecom Ministry has replaced Facebook's security
> certificate with a forged one that makes it easy to spy on users, record
> their passwords, and view their private content.
> 
> The post notes that the browser would alert users to the untrusted
> certificate issue, but says that most people would allow an exception for
> the suspicious certificate because they might not really understand what's
> going on. This coincides with multiple Syrian users reporting inability to
> access the site at all suspecting it was blocked again.
> 
> *Ana Souri *explained how to check for the authenticity of the certificate
> and linked to the company that issues Facebook's original SSL certificate:
> 
> Tools-> Page Info
> then press the security tab
> then click on view certificate
> 
> المفروض تكون مأصدرة من من هالموقع:[should be released from this site]
> http://www.digicert.com/welcome/who-uses-digicert.htm [2]
> 
> The following image shows a comparison between the fake certificate (left)
> and the original one (right).
> “]<http://advocacy.globalvoicesonline.org/wp-content/uploads/2011/05/certificate.jpg>
> [3]
> 
> Fake vs. Original SSL certificates. Courtesy of Ana Souri. [click to enlarge
> Affected users should locate and remove the exception by doing the following
> steps:
> 
> Tools -> Options -> Advanced -> Encryption -> View Certificates -> Servers
> 
> There, they would be able to locate and delete the exceptions. It's also
> recommended that users use anonymity and security tools such as
> TOR<https://www.torproject.org/>
>  [4] to connect and then change their password.
> 
> *Disclaimer*: While the above post is being circulated with breathtaking
> speed among Syrian internet users, I'm still trying to verify the claims
> explained above as we don't have concrete proof of their validity beyond
> that tumblr post. If you have info you want to share on the topic, please
> use the contact form to reach me directly, or leave a comment on the post
> and I will update the article with any relevant info.
> ------------------------------
> 
> Article printed from Global Voices Advocacy: *
> http://advocacy.globalvoicesonline.org*
> 
> URL to article: *
> http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/
> *
> 
> URLs in this post:
> 
> [1] is claiming: *http://anasouri.tumblr.com/post/5197803121*
> 
> [2] http://www.digicert.com/welcome/who-uses-digicert.htm: *
> http://www.digicert.com/welcome/who-uses-digicert.htm*
> 
> [3] Image: *
> http://advocacy.globalvoicesonline.org/wp-content/uploads/2011/05/certificate.jpg
> *
> 
> [4] TOR: *https://www.torproject.org/*



More information about the liberationtech mailing list