British mobile ISP SSL MITM attack for the purposes of censorship

cjbprime9y ago· 2 in thread

Are the certs self-signed?

It doesn't appear so, the certificates appear to be signed by Cisco, presumably on some kind of dedicated hardware firewall designed to filter - but it's entirely possible that the service is being ran by Cisco and they're generating false certificates on-the-fly as part of the interception.

cjbprime9y ago

Can you post full data for an example certificate?

viraptor9y ago

More about the product: https://umbrella.cisco.com/products/features

Seems like a very misconfigured deployment, since no normal mobile user will use third party CA to connect via Three. I don't expect that this is on purpose.

When they did them same thing at OpenDNS (https://www.snip2code.com/Snippet/1503745/opendns-is-man-in-...) the certificate was valid only for 3 days:

        Issuer: CN=Cisco Umbrella Secondary SubCA nyc-SG, O=Cisco
        Validity
            Not Before: Oct 18 20:32:18 2016 GMT
            Not After : Oct 23 20:32:18 2016 GMT

Shanea93OP9y ago

Full disclosure, that's my post, I just thought it would be relevant to your interests. It's deplorable how they're putting tools in place to infringe on the privacy of an entire country using such dangerous tools as _wikipedia_.

British mobile ISP SSL MITM attack for the purposes of censorship (opens in new tab)

British mobile ISP SSL MITM attack for the purposes of censorship (opens in new tab)

5 comments

5 comments