[liberationtech] Man-in-the-middle attack on GitHub in China

Jacob Appelbaum jacob at appelbaum.net
Wed Jan 30 01:00:00 PST 2013


x z:
> This is a great piece Martin! Thanks for the thorough analysis, explanation
> and documentation.
> 
> I have two comments:
> 
> 1. It is a bit sad that the petition "People who help internet censorship,
> builders of Great Firewall in China for example, should be denied entry to
> the U.S." <https://petitions.whitehouse.gov/petition/people-who-help-internet-censorship-builders-great-firewall-china-example-should-be-denied-entry-us/5bzJkjCL>
> only got 9,024 signatures after 6 days. Yes, the petition is merely
> symbolic, but it *is* symbolic. I do hope significantly more people can
> sign it, otherwise, the GFW operators and Chinese authority can laugh their
> way home, "see, so few people care!". I hope activists on this mailing list
> can help spread the word, 26 days remaining.


I think that reducing a worker's travel rights is a rather strange
tactic. It smacks of injustice. Borders as they exist today didn't exist
in such a way around one hundred years ago; do we really like that? Is
it such a good idea to promote a culture of control simply because in
the short term "we" somehow benefit from it? I think the answer is no,
but I admit, I have a real big chip on my shoulder about harassment in
US customs.

I would encourage people not to sign such a petition. It is a symbol and
it is a symbol of a control society hell bent on using coercive force of
any kind to produce results. We should be better.

> 
> 2. Even though HTTPS traffic is nontrivial to tackle, GFW has a much
> simpler solution for it. GFW can deteriorate the user experience of HTTPS
> websites, e.g. injecting random resets to HTTPS connections. People can
> still use the site, but it becomes slow and unstable, and gradually more and
> more will switch away to use domestic replacements. It is a slow process,
> but can be a successful one.
> 

Indeed - we are seeing this exact strategy in many places in the world
right now.

All the best,
Jacob

> Cheers,
> 
> Tom
> 
> 2013/1/29 Martin Johnson <greatfire at greatfire.org>
> 
>> At around 8pm, on January 26, reports appeared on Weibo and Twitter that
>> users in China trying to access GitHub.com were getting warning messages
>> about invalid SSL certificates. The evidence, listed further down in this
>> post, indicates that this was caused by a man-in-the-middle attack. Full
>> post at https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle
>>
>> One interesting conclusion is that support for HTTP Strict Transport
>> Security in Chrome and Firefox makes a real difference. If
>> man-in-the-middle attacks become more common in China, preventing users
>> from adding exceptions and making the warning messages informative is
>> crucial. We need to find ways to convince users to use browsers that
>> support these safety measures. Currently, around 50% of Internet users in
>> China use either the 360 so-called Safety Browser (which is a very ironic
>> name) or Internet Explorer 6 (yes, it lives on in China).
>>
>> Martin Johnson
>> Founder
>> https://GreatFire.org - Monitoring Online Censorship In China.
>> https://FreeWeibo.com - Uncensored, Anonymous Sina Weibo Search.
>> https://Unblock.cn.com - We Can Unblock Your Website In China.
>>
>> --
>> Unsubscribe, change to digest, or change password at:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
> 
> 
> 
> 



