Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Man-in-the-middle attack on GitHub in China

Martin Johnson greatfire at greatfire.org
Tue Jan 29 20:11:48 PST 2013


At around 8pm, on January 26, reports appeared on Weibo and Twitter that
users in China trying to access GitHub.com were getting warning messages
about invalid SSL certificates. The evidence, listed further down in this
post, indicates that this was caused by a man-in-the-middle attack. Full
post at https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle

One interesting conclusion is that support for HTTP Strict Transport
Security in Chrome and Firefox makes a real difference. If
man-in-the-middle attacks become more common in China, preventing users
from adding exceptions and making the warning messages informative is
crucial. We need to find ways to convince users to use browsers that
support these safety measures. Currently, around 50% of Internet users in
China use either the 360 so-called Safety Browser (which is a very ironic
name) or Internet Explorer 6 (yes, it lives on in China).

Martin Johnson
Founder
https://GreatFire.org - Monitoring Online Censorship In China.
https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
https://Unblock.cn.com - We Can Unblock Your Website In China.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130130/f9bd4e62/attachment.html>


More information about the liberationtech mailing list