nationwide interception of Facebook & webmail login credentials in Tunisia
Passive PROFITS
passiveprofits at yahoo.com
Tue Jan 25 16:18:47 GMT 2011
That would not deal with the falsifying of certificates. Assuming the code-base of this is not intentional corrupt, the addition of an extension such as certpatrol is also required (a firefox extension), to notify one when the SSL cert swap by the government/ISP (using the browser accepted as 'true' passported C.A.(s) under their control) has taken place (a MiTM is in progress notification function). The other known way would be manual/local (each time) inspection of the cert fingerprint(s). e.g. you note Facebook's fingerprint then check each time it's got the same 'print. Then (once under notice the hack is under progress) you could retreat, or start playing your own pre-planned counter-measures ... depending on the peril of the situation, tactics, etc, call the government, depending on the nature of your business, etc.
:/
Best,
PP
--- On Tue, 1/25/11, Richard W.M. Jones <rich at annexia.org> wrote:
> From: Richard W.M. Jones <rich at annexia.org>
> Subject: Re: nationwide interception of Facebook & webmail login credentials in Tunisia
> To: "UK Cryptography Policy Discussion Group" <ukcrypto at chiark.greenend.org.uk>
> Date: Tuesday, January 25, 2011, 3:35 AM
>
> JGC's blog has the technical details:
>
> http://blog.jgc.org/2011/01/code-injected-to-steal-passwords-in.html
>
> Moral of the story is to use https:// URLs to fetch the
> initial form
> (ie. https://facebook.com/). The Firefox
> HTTPS-Everywhere extension
> automates this completely (https://www.eff.org/https-everywhere) -- no
> thought or technical skills required.
>
> Rich.
>
> --
> Richard Jones
> Red Hat
>
>
More information about the ukcrypto
mailing list