[SSL Observatory] Syrian fake certificate for Facebook

Danny O'Brien DObrien at cpj.org
Thu May 5 13:28:19 PDT 2011


http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/

http://advocacy.globalvoicesonline.org/wp-content/uploads/2011/05/certificate.jpg

Looks like it's not signed by a vouched CA. 

I've actually had a smattering of reports of such fake (but not CA-signed) certificates in the wild from across the world (Central America, S.E. Asia, and now the Middle East). The explanation could be as much the widespread use of MiTM tools by petty criminals in cyber-cafes aimed at tourists as it is their use by state attackers – I get to hear about their use in repressive regimes more, but that might be just selection bias at work.

Does anyone else see more of these examples? Enough to see a trend, either in casual criminal use in easily MiTM'd environments, or on wired ISPs (implying a more established adversary)?

d.

- -- 
Danny O'Brien
Internet Advocacy Coordinator
Committee to Protect Journalists