The Chinese computer scientists who helped build the country’s infamous Great Firewall may have been responsible for a man-in-the-middle attack on users of GitHub after they were named and shamed on the social code sharing site. This is the theory put forward by GreatFire.org, a not-for-profit organisation which monitors and …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 31st January 2013 09:24 GMT Anonymous Coward

The future of SSL

How long before it is mandated that every browser in China has a trusted root certificate that is controlled by the ruling party.

There would then be no indication of a MITM attack and it wouldn't prove a visible annoyance to most users.

Every SSL packet could then be DPI'd.

1 0
1. Thursday 31st January 2013 23:20 GMT Destroy All Monsters
  
  Re: The future of SSL
  
  > There would then be no indication of a MITM attack
  
  I don't see this. The browser checks the chain that the remote server presents. And if you want an SSL connection, that chain has to check out.
  
  0 1
  1. Friday 1st February 2013 00:22 GMT Anonymous Coward
    
    Re: The future of SSL
    
    If you control the trusted certificate root server you have ability to create any certs you want.
    
    0 0
Sunday 3rd February 2013 11:04 GMT Adam Inistrator

if you have some control over "your" browser

I would like to be able to tie https sites to specific certificates in my browser. Then I wouldnt have to check the certificate every time I visited the site to be sure that one of the zillion other root certs installed in my browser wasnt being used. eg I should be able to tell my browser to only say https hsbc is valid if it is signed verisign not any other root cert like neverheardofthem.com. i couldnt get firefox addins to do that on all platforms. any tips?

0 0