Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Y! / SSL

Bill Cox waywardgeek at gmail.com
Mon Oct 6 02:53:59 PDT 2014


On Mon, Oct 6, 2014 at 5:37 AM, Eric S Johnson <crates at oneotaslopes.org>
wrote:

> > > I just got back to CN from a vacation. I’m now (in all three main
> > > Windows browsers) seeing yahoo.com automatically flip over to
> > > HTTPS--and then give a bad cert error. The *root* cert is listed as
> > > yahoo.com and is valid “23 Sep 14 to 23 Sep 15.”
>
> > GreatFire.org seems to have seen the same.  At least the certificate
> life time is
> > identical:
> > <https://twitter.com/GreatFireChina/status/516872770270269440>
>
> That's exciting. For the record, "the problem" occurred this morning, but
> is now no longer in evidence. (I've been out of the country for a week, so
> wouldn't've noticed the problem until now.)
>
> Best,
> Eric
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>

Here's a link to an analysis of the MITM attack.

http://www.netresec.com/?page=Blog&month=2014-10&post=Verifying-Chinese-MITM-of-Yahoo

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141006/40e1a85c/attachment.html>


More information about the liberationtech mailing list