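CNNIC got caught this time
Evidence:
https://drive.google.com/file/d/0B_OzbbAp1CG5NXVrYmFPbFhUV2s/view?usp=sharing
Google's original announcement: http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html
Mozilla's commentary: https://blog.mozilla.org/security/2015/03/23/revoking-trust-in-one-cnnic-intermediate-certificate/
On Friday, March 20th, we became aware of
CNNIC issued an unconstrained certificate to an intermediate CA in Egypt, and that intermediate CA then issued forged certificates. Google and Mozilla have now revoked that CA's certificate.
When you have time, check the trust status of the two root certificates in your certificate list, CNNIC and China Internet Network Information Center. Hongkong Post is also worth considering.
If you care a great deal about security and don't mind the hassle, consider installing this extension, which notifies you when a website's certificate changes: https://addons.mozilla.org/firefox/addon/certificate-patrol/
While you're at it, you can look back at the bug reported 5 years ago: https://bugzilla.mozilla.org/show_bug.cgi?id=542689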
Reply #1
Posted: 2015-03-24 20:21
Reading Mozilla's post, there is one detail:
CNNIC issued an unconstrained intermediate certificate that was labeled as a test certificate and had a two week validity, expiring April 3, 2015. Their customer loaded this certificate into a firewall device which performed SSL MITM
That gave someone at least 2 weeks of unrestricted authority.