[SSL Observatory] New bad Google MITM cert

Ralf Skyper Kaiser skyper at thc.org
Tue Dec 10 03:29:24 PST 2013


A few more details:

http://gigaom.com/2013/12/09/google-catches-french-finance-ministry-pretending-to-be-google/

Floating around on IRC:
https://www.imperialviolet.org/binary/anssi-chain.txt

regards,

skyper


On Mon, Dec 9, 2013 at 8:42 PM, Ralf Skyper Kaiser <skyper at thc.org> wrote:

> Incredible.
>
> I added the incident to https://wiki.thc.org/ssl#OtherIncidents
>
> Also updated https://wiki.thc.org/ssl#BrowserManufactureFailedUs
>
> And while at it https://wiki.thc.org/ssl#EtisalatBreach (which is a prime
> example of a Bad Player who we are all forced to trust).
>
> The posting mentions "[..] we are carefully considering what additional
> actions may be necessary."
>
> Are there any details available?
>
> Is anyone doing an investigation?
>
> Will there be more public information available?
>
>
> Seth: great work. Thanks.
>
> regards,
>
> skyper
>
>
> On Sat, Dec 7, 2013 at 10:05 PM, Seth Schoen <schoen at eff.org> wrote:
>
>>
>> http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html
>>
>> They caught it with pinning.  I wonder if we have a sample; it sounds
>> like it was an extremely small-scale attack (a single organization got
>> an intermediate chaining to a publicly-trusted root in order to spy on
>> employees with its firewall?).  If that was the entire scope of it,
>> it's relatively unlikely that anyone in that organization is sending
>> observations to us, maybe depending on how large the organization is
>> and whether they prevent desktop users from installing third-party
>> software.
>>
>> --
>> Seth Schoen  <schoen at eff.org>
>> Senior Staff Technologist                       https://www.eff.org/
>> Electronic Frontier Foundation                  https://www.eff.org/join
>> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
>>
>
>