[SSL Observatory] New bad Google MITM cert

Ralf Skyper Kaiser skyper at thc.org
Wed Dec 11 06:13:16 PST 2013


Hi,

are any details available about the SSL Proxy product or device vendor?

(Why did Mozilla (https://bugzilla.mozilla.org/show_bug.cgi?id=946351)
remove the information about the device vendor from the bugtracker? I'm just
curious and forwarding questions I got from reporters).

The comments also mention "..although it is odd that the certificate was
observed outside of France". Are any more details available?

At which location was the SSL Proxy used and which Internet traffic was
affected?

thanks & regards,

ralf


On Mon, Dec 9, 2013 at 8:42 PM, Ralf Skyper Kaiser <skyper at thc.org> wrote:

> Incredible.
>
> I added the incident to https://wiki.thc.org/ssl#OtherIncidents
>
> Also updated https://wiki.thc.org/ssl#BrowserManufactureFailedUs
>
> And while at it https://wiki.thc.org/ssl#EtisalatBreach (which is a prime
> example of a Bad Player who we are all forced to trust).
>
> The posting mentions "[..] we are carefully considering what additional
> actions may be necessary."
>
> Are there any details available?
>
> Is anyone doing an investigation?
>
> Will there be more public information available?
>
>
> Seth: great work. Thanks.
>
> regards,
>
> skyper
>
>
> On Sat, Dec 7, 2013 at 10:05 PM, Seth Schoen <schoen at eff.org> wrote:
>
>>
>> http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html
>>
>> They caught it with pinning.  I wonder if we have a sample; it sounds
>> like it was an extremely small-scale attack (a single organization got
>> an intermediate chaining to a publicly-trusted root in order to spy on
>> employees with its firewall?).  If that was the entire scope of it,
>> it's relatively unlikely that anyone in that organization is sending
>> observations to us, maybe depending on how large the organization is
>> and whether they prevent desktop users from installing third-party
>> software.
>>
>> --
>> Seth Schoen  <schoen at eff.org>
>> Senior Staff Technologist                       https://www.eff.org/
>> Electronic Frontier Foundation                  https://www.eff.org/join
>> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
>>
>
>