Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Did Syria replace Facebook's security certificate with a forged one?

liberationtech at liberationtech at
Thu May 5 12:03:01 PDT 2011

On Thu, May 05, 2011 at 08:45:05PM +0200, canconsulting at wrote 5.4K bytes in 72 lines about:
: Seriously: Can you name at least one advantage of the alleged
: certificate faking for Syrian internet users?

Your question is confusing.  Using faked certs doesn't help Syrian
citizens, rather it puts them at risk. 

However, it does help the government.  The govt gets to
machine-in-the-middle all ssl traffic to facebook, decrypt it,
parse/record/store the unencrypted data, and then go arrest/kill people
with proof of content against the state. Or the data can be used to
unmask social networks of people friendly to the cause of protesting,

This same mitm has happened in Tunisia, Iran, Burma, and suspected in
many other countries.  In fact, you can buy hardware to do this from US
companies, like Bluecoat or Packet Forensics.  Or just roll your own
with one of the many mitmproxy projects out there, like

pgp key: 0x74ED336B

More information about the liberationtech mailing list