**THE HACKER NEWS** - Chinese Government Accused of Intercepting Traffic Between Google and CERNET (Monday, September 08, 2014, Mohit Kumar)
http://thehackernews.com/2014/09/government-accused-of-intercepting.html
By now we are all well aware that China has a history filled with cases of cyber crime. China is the world’s largest exporter of IT goods, but it has been criticized by many countries over suspected backdoors in its products, including the United States, which has banned several of its major government departments, including NASA and the Justice and Commerce Departments, from purchasing Chinese products and computer technology. The new exposure points the same way.
The Chinese government is running a man-in-the-middle (MitM) cyber attack campaign on SSL-encrypted traffic between the country’s education network and Google.
In an effort to monitor users of the China Education and Research Network (CERNET), Chinese authorities have started intercepting encrypted traffic to and from Google’s servers, the non-profit organization GreatFire reported on Thursday.
However, just like many other foreign websites, Google is blocked in China. Because Google is one of the vast and valuable websites for research purposes, Chinese authorities allow access to it through CERNET, a nationwide education and research computer network.
The story broke when CERNET users started reporting on social media websites that they were receiving warning messages about invalid SSL certificates when they tried to access google.com and google.com.hk through CERNET.
According to the non-profit organisation GreatFire, the Chinese authorities have launched a man-in-the-middle (MitM) attack against the encrypted traffic between CERNET and Google in an effort to control the media as well as messages on all fronts.
The authorities feel that blocking Google might draw an angry rebuttal from students, researchers, and educators throughout the country, so a MitM attack serves the purpose instead.
“Instead of just outright blocking Google on CERNET, which would have raised the ire of students, educators and researchers across China, the authorities felt that a MITM attack would serve their purpose. By placing a man-in-the-middle, the authorities can continue to provide students and researchers access to Google while eavesdropping or blocking selective search queries and results,” GreatFire reported in a blog post.
With the help of the MitM attack, Chinese authorities were spying on users’ search queries and their results. GreatFire said that it reached this conclusion after following expert advice from Netresec, a security company that analyzed the MITM attacks on Github.
Until last month, CERNET users were able to access the search engine Google freely, but after 28 August there have been changes, and users receive certificate expiration warning pages when they search for something.
Experts believe that the devices performing the MitM attack may be injecting packets near the outer border of CERNET, the place where it peers with external networks. However, Netresec researchers said that it is difficult to figure out how the attack was planned, but DNS spoofing was certainly not used.
“It’s difficult to say exactly how the MITM attack was carried out, but we can dismiss DNS spoofing as the used method. A more probable method would be IP hijacking; either through a BGP prefix hijacking or some form of packet injection. However, regardless of how they did it the attacker would be able to decrypt and inspect the traffic going to Google,” Netresec researchers noted in a blog post.
This isn’t the first time the Chinese government has launched such an attack; the authorities conducted similar attacks in the past, in January 2013, against the developer site Github. Users of the GitHub service in China reported receiving warning messages about invalid SSL certificates.
################################################
Authorities launch man-in-the-middle attack on Google
Submitted by percy on Thu, Sep 04, 2014
What happened?
From August 28, 2014 reports appeared on Weibo and Google Plus that users in China trying to access google.com and google.com.hk via CERNET, the country’s education network, were receiving warning messages about invalid SSL certificates. The evidence, which we include later in this post, indicates that this was caused by a man-in-the-middle attack.
While the authorities have been blocking access to most things Google since June 4th, they have kept their hands off of CERNET, China’s nationwide education and research network. However, in the lead up to the new school year, the Chinese authorities launched a man-in-the-middle (MITM) attack against Google.
We broke the news about the MITM attack on Github in January 2013. To borrow from that blog post, Wikipedia defines a man-in-the-middle-attack in the following way:
The man-in-the-middle attack...is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Why?
There is a clear incentive to implement a man-in-the-middle attack against Google. Google enforced HTTPS by default on March 12, 2014 in China and elsewhere. That means that all communication between a user and Google is encrypted by default. Only the end user and the Google server know what information is being searched and returned. The Great Firewall, through which all outgoing traffic from China passes, only knows that a user is accessing data on Google’s servers - not what that data is. This in turn means that the authorities cannot block individual searches on Google - all they can do is block the website altogether. This is what has happened on the public internet in China but has not happened on CERNET.
The authorities know that if China is to make advances in research and development, if China is to innovate, then there must be access to the wealth of information that is accessible via Google. CERNET has long been considered hands off when it comes to censorship, for this very reason. Even long blocked services such as YouTube and Google+ are available via CERNET. In contrast, on the public internet in China, Google Scholar is blocked and the China version of the site redirects users to the Hong Kong version of the site, which is also blocked.
Up until last month, access to Google remained relatively unfettered for those accessing the properties via CERNET. But as we have seen on just about every front, the current administration is hellbent on controlling the medium as well as the message. Instead of just outright blocking Google on CERNET, which would have raised the ire of students, educators and researchers across China, the authorities felt that a MITM attack would serve their purpose. By placing a man-in-the-middle, the authorities can continue to provide students and researchers access to Google while eavesdropping or blocking selective search queries and results.
Has it happened before?
At the beginning of last year, the Chinese authorities staged a country-wide MITM attack on Github.
Will it happen again?
The short answer is yes. We predicted last year that because of the increased shift to encryption, man-in-the-middle attacks were likely to become an increasingly tempting choice for the authorities.
The Details
There have been multiple user reports from those using CERNET about fake certificates when accessing Google. Netresec did a great forensic analysis of the MITM attack on Github. We contacted Netresec with the wire captures below. They concluded that all evidence indicates that a MITM attack is being conducted against traffic between China’s nationwide education and research network CERNET and Google. The machines performing the MITM attack are most likely injecting packets somewhere at the outer border of CERNET, where they are peering with external networks. Their full forensic analysis is available online.
We do not have data ourselves to show how or if this happened. We have relied on the sources listed below. Many of these sources were used in this report on Solidot.
Screenshot taken by Weibo user
The screenshot shows the user trying to access Google using the Chrome browser and receiving a warning about an invalid SSL certificate. For Chrome and Firefox users, the browser won’t allow you to bypass the certificate warning for Google because Google enables HTTP Strict Transport Security (HSTS).
Another screenshot by the same user compared the certificate he received with a normal connection (on the left) and a connection under the man-in-the-middle attack (on the right).
Reports on Google Plus
https://plus.google.com/u/0/115822850906053020654/posts/EGW4NEd7z3N
https://plus.google.com/+duffJiang/posts/Dk5LrD7CiWM
WireShark capture files
We have some WireShark capture files. If you need to examine them, please contact us. Redacted versions appear in the Netresec report.
Copy of fake SSL certificate
Uploaded to Google drive (copy hosted by us). This fake certificate has been seen by multiple users. See below for a comparison of the current valid certificate and the fake one used during the attack.
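The HSTS behaviour mentioned under the first screenshot (the browser refuses to let the user click through the warning) can be modelled in a few lines. This is an added example, not code from GreatFire or from any browser: the parsing follows RFC 6797, while the `HstsStore` and `on_certificate_error` names and the `example.test` hosts are hypothetical.

```python
import re
import time

_DIGITS = re.compile(r"[0-9]+")


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1).

    Returns (max_age_seconds, include_subdomains), or None when the header
    must be ignored (no valid max-age, or a directive given twice).
    Splitting on ';' is enough here because max-age values never contain one.
    """
    seen = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, _, value = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        value = value.strip()
        if name in seen:
            return None  # each directive may appear only once
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # quoted-string form, e.g. max-age="600"
        seen[name] = value
    max_age = seen.get("max-age")
    if max_age is None or not _DIGITS.fullmatch(max_age):
        return None  # max-age is the one required directive
    return int(max_age), "includesubdomains" in seen


class HstsStore:
    """Minimal model of a browser's list of known HSTS hosts."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry_epoch, include_subdomains)

    def note_header(self, host, header_value, over_valid_tls, now=None):
        """Record a policy. Headers received over plain HTTP or over a
        connection with certificate errors are ignored, so an interceptor
        presenting a fake certificate cannot send max-age=0 to erase it."""
        now = time.time() if now is None else now
        policy = parse_hsts(header_value) if over_valid_tls else None
        if policy is None:
            return False
        max_age, include_subdomains = policy
        host = host.lower().rstrip(".")
        if max_age == 0:
            self._hosts.pop(host, None)  # the genuine site may opt out
        else:
            self._hosts[host] = (now + max_age, include_subdomains)
        return True

    def is_hsts(self, host, now=None):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        now = time.time() if now is None else now
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False


def on_certificate_error(store, host, now=None):
    """Decide what a certificate error means for this host."""
    if store.is_hsts(host, now):
        return "hard-fail"  # connection is dropped, no click-through offered
    return "warn-user-may-proceed"


if __name__ == "__main__":
    store = HstsStore()
    # Constructed timeline: one earlier clean visit, then an intercepted one.
    store.note_header("example.test", "max-age=31536000; includeSubDomains", True, now=0)
    store.note_header("example.test", "max-age=0", False, now=100)  # ignored
    print(on_certificate_error(store, "www.example.test", now=200))
    print(on_certificate_error(store, "never-visited.test", now=200))
```

A host with no stored policy still gets the bypassable warning, which is why the protection depends on the browser having learned the policy before the interception started.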
#########################################
http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/
Netis Routers Leave Wide Open Backdoor
Aug 25 | 6:41 pm (UTC-7) | by Tim Yeh (Threat Researcher)
Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device.
What is this backdoor? Simply put, it is an open UDP port listening at port 53413. This port is accessible from the WAN side of the router. This means that if the router in question has an externally accessible IP address (i.e., almost all residential and SMB users), an attacker from anywhere on the Internet can access this backdoor:
Figure 1. Netstat output, with web admin and backdoor ports highlighted
This backdoor is “protected” by a single, hardcoded password located in the router’s firmware. Netcore/Netis routers appear to all have the same password. This “protection” is essentially ineffective, as attackers can easily log into these routers and users cannot modify or disable this backdoor.
Almost all Netcore/Netis routers appear to have this vulnerability, based on the information we examined. Using ZMap to scan for vulnerable routers, we found more than two million IP addresses with the open UDP port. Almost all of these routers are in China, with much smaller numbers in other countries, including but not limited to South Korea, Taiwan, Israel, and the United States.
What kinds of commands can an attacker give to a vulnerable router? Aside from logging in, the attacker can upload, download, and run files on the router. This gives the attacker near-complete control of the router. For example, settings can be modified to help carry out man-in-the-middle attacks.
Here’s another attack that can be easily carried out: the file that contains the user name and password for the router’s normal, web-based administration panel is stored without any encryption. This file can be easily downloaded by the attacker, as seen below:
Figure 2. Dump of user name and password
We are well aware of the dangers of vulnerable routers, but this vulnerability is particularly serious because of the ease of exploitation. We have not been able to find any documentation that describes this backdoor, nor any that states its purpose and who wrote it. We have contacted the manufacturer, but Trend Micro has not yet received a response.
In order to determine if their router is vulnerable, users can use an online port scanner. A probe at port 53413 of a vulnerable router would result in something like this:
Figure 3. UDP port scan
Users should pay particular attention to the section that has been underlined in red.
Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to replace these devices.
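For an audit of devices you administer, the netstat check behind Figure 1 can be automated. The following is an added example, not Trend Micro's tooling: it reads `netstat -an` style text and reports any UDP socket bound to port 53413, with the address it is bound to. The sample output is constructed for illustration and the function names are hypothetical.

```python
import ipaddress

BACKDOOR_UDP_PORT = 53413  # UDP port named in the post above


def _split_endpoint(endpoint):
    """Split 'addr:port' as printed by netstat/ss into (addr, port).

    Handles '0.0.0.0:53413', ':::53413', '[::]:53413' and '*:53413'.
    """
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    if host in ("", "*"):
        host = "0.0.0.0"  # '*' is how some tools print the wildcard address
    return host, port


def classify_bind(host):
    """Describe how widely a socket bound to this address is reachable."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:
        return "all-interfaces"  # 0.0.0.0 or ::, includes the WAN side
    if ip.is_loopback:
        return "loopback-only"
    return "single-address"


def find_udp_listeners(netstat_text, port=BACKDOOR_UDP_PORT):
    """Return one finding per UDP socket bound to `port`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: Proto Recv-Q Send-Q Local-Address Foreign-Address
        if len(fields) < 5 or not fields[0].lower().startswith("udp"):
            continue
        host, local_port = _split_endpoint(fields[3])
        if local_port != str(port):
            continue
        findings.append(
            {"proto": fields[0], "bind": host, "exposure": classify_bind(host)}
        )
    return findings


def exposed_on_all_interfaces(findings):
    """True if any finding is a wildcard bind, the case the post describes."""
    return any(f["exposure"] == "all-interfaces" for f in findings)


# Constructed sample, not the output shown in Figure 1.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:53413           0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in find_udp_listeners(SAMPLE_NETSTAT):
        print(finding)
```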
===================================================================
https://zh.greatfire.org/blog/2014/sep/authorities-launch-man-middle-attack-google
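Google hit by state-level man-in-the-middle attack on China's education network
Posted by percy on Thursday, Sep 04, 2014
What happened?
Since August 28, 2014, users have reported on Weibo and Google+ that when some users in mainland China tried to connect to pages such as google.com and google.com.hk from within the China Education and Research Network (CERNET), they received SSL certificate error warnings (an SSL certificate is the credential used to encrypt HTTP data transmission). This means that Google is under a man-in-the-middle attack (MITM attack) on the education network.
Since June 4 this year, the vast majority of Google's services have been blocked in China, but they had not been interfered with inside CERNET. At the start of the new school term, Google came under a man-in-the-middle attack on the education network. The Chinese internet censorship monitoring organization Greatfire believes that the attack was launched by the Chinese government.
Wikipedia defines a "man-in-the-middle attack" as a form of active eavesdropping:
A man-in-the-middle attack is one in which the attacker establishes independent connections with both ends of the communication and exchanges the data it receives, so that both ends believe they are talking directly to each other over a private connection, when in fact the entire session is fully controlled by the attacker. In a man-in-the-middle attack, the attacker can intercept the conversation between the two parties and insert new content.
Why?
Greatfire believes that the authorities have sufficient motive to launch a man-in-the-middle attack against Google. On March 12, 2014, Google began enabling HTTPS encrypted search by default for China and everywhere else in the world. In other words, information transmitted between users and Google is encrypted by default. Only the end user and Google's servers know what was searched and returned. China's firewall can only see that a user has connected to Google's servers; it does not know the content of the transmitted data. This also means that the authorities cannot block Google item by item, and so can only block Google entirely. So far, this blocking has taken place on China's public internet but has not yet happened on the education network.
The Chinese government knows well that if China is to make progress and innovate in scientific research, Chinese researchers must be able to reach a vast amount of information through Google. For this very reason, CERNET has long been subject to little interference from internet censorship. Inside CERNET, Chinese users can normally access the Google services that were blocked on May 30, including Gmail. In sharp contrast, on China's public network Google Scholar is blocked; the Chinese version of the site directs users to the Hong Kong version, but the Hong Kong version of Google Scholar is also blocked in the mainland.
Before last month, connections to Google on the education network were hardly interfered with. But the current government has shown its determination to control the internet and information on every front. The authorities did not block Google outright on CERNET, because that would very likely provoke resentment among students, teachers and researchers nationwide. The authorities chose to launch a man-in-the-middle attack against Google inside CERNET; this way, students and researchers can continue to use Google, while the authorities can eavesdrop on and selectively intercept search requests and results.
This is not the first time the Chinese authorities have launched a man-in-the-middle attack. In January 2013, the Chinese government launched a man-in-the-middle attack against Github that affected the whole country.
Has it happened before?
At the beginning of last year, the Chinese authorities staged a country-wide MITM attack on Github.
Will the attack happen again?
Greatfire says that, because encrypted network services are increasing, the authorities are likely to use man-in-the-middle attacks more often.
Attack details
Multiple users have reported receiving forged SSL certificates when connecting to Google from within CERNET. The software security company Netresec previously produced a comprehensive analysis of the man-in-the-middle attack on GitHub in China. After analyzing the following screenshots sent by Greatfire, Netresec said that all evidence indicates that traffic between CERNET and Google is under a man-in-the-middle attack. The machines launching the man-in-the-middle attack are most likely sending data frames at the points where CERNET peers with other networks. Netresec will publish a full analysis report shortly.
Greatfire used the following reports from internet users for its analysis. This Solidot report also cited the same reports.
This screenshot shows that when the user connected to Google with the Chrome browser, an SSL certificate error warning was received. Because Google has enabled HTTP Strict Transport Security (HSTS), the Chrome and Firefox browsers prevent users from bypassing this warning.
The user also compared the certificate he received over a normal connection (left) with the certificate received when connecting under the man-in-the-middle attack (right).
Related reports on Google+
https://plus.google.com/u/0/115822850906053020654/posts/EGW4NEd7z3N
https://plus.google.com/+duffJiang/posts/Dk5LrD7CiWM
What users should do
When you see a certificate error warning, never click through it. Users should use the Firefox or Chrome browser; these two browsers prevent users from clicking through on sites that have enabled HSTS (such as Google and Github). If you click through the warning, your Google account credentials may be stolen, which means your Gmail messages can be read in full by the attacker.
Users can connect to Google through Google mirror sites. After Google was blocked by China in June, Greatfire set up a Google mirror site. So far, more than 1 million Chinese users have used our "Free Google" site and other mirrors that cannot be blocked in China.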
###############################################
08月 25日
|
下午6時41分(UTC-7)|通過 葉添(威脅研究員)
|
磊科所生產的路由器,一個受歡迎的品牌網絡設備在中國,有一個開闊的後門程序,可以很容易被攻擊者利用。 這些產品在Netis名牌也賣中國以外。 這個後門可以讓網絡犯罪分子可以輕鬆地這些路由器上運行任意代碼,使其脆弱的安全設備。
這是什麼後門? 簡單地說,它是一個開放的UDP端口的端口53413.監聽此端口是路由器的WAN端訪問。 這意味著,如果有問題的路由器有一個外部可訪問的IP地址(例如,幾乎所有的住宅和中小型企業用戶),從互聯網上的任何地方,攻擊者可以訪問這個後門:
圖1:netstat輸出中,與網絡管理及後門端口突出
這個後門是由位於路由器的固件單一,硬編碼密碼“保護”。 磊科/ Netis路由器似乎都有著相同的密碼。 這種“保護”本質上是無效的,因為攻擊者可以很容易地登錄到這些路由器,用戶無法修改或取消這個後門。 幾乎所有的磊科/ Netis路由器似乎有此漏洞的基礎上,我們研究的信息。 使用ZMAP ,掃描弱勢路由器,我們發現了超過200萬的IP地址與開放的UDP端口。 幾乎所有這些路由器都在中國,與更小的數字在其他國家,包括但不限於韓國,台灣,以色列和美國。
可以攻擊給脆弱的路由器什麼樣的命令? 除了登錄,攻擊者可以上傳,下載,並在路由器上運行的文件。 這使得幾乎完全路由器的控制的攻擊者。 例如,設置可進行修改,以幫助進行人在這方面的中間人攻擊。
這裡的另一個攻擊可以很容易地進行:包含路由器的正常,基於Web的管理面板中的用戶名和密碼的文件存儲,沒有任何加密。 這個文件可以被攻擊者輕易下載,如下所示:
圖2轉儲的用戶名和密碼
我們深知危險脆弱的路由器 ,但此漏洞是由於易於開採的特別嚴重。 我們一直沒能找到描述該後門程序的任何文件,也沒有任何聲明的目的,誰寫的。 我們已經聯繫了生產廠家,但趨勢科技尚未收到答复。 為了確定他們的路由器存在漏洞,用戶可以使用在線端口掃描器 。 探針在一個脆弱的路由器的端口53413會導致這樣的事情:
圖3:UDP端口掃描
用戶應特別注意已強調紅色部分。 用戶可用來解決這個問題相對較少的解決方案。 支持磊科路由器通過類似的開源固件DD-WRT和番茄實質上是有限的; 只有一個路由器似乎有支持的。 除此之外,只有足夠的替代方案是更換這些設備。
=====================================================================
http://thehackernews.com/2014/09/government-accused-of-intercepting.html
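---**THE HACKER NEWS** Chinese Government Accused of Intercepting Traffic Between Google and CERNET - (Monday, September 08, 2014, **Mohit Kumar**)
So far, we are all well aware that China has a past filled with cases of cyber crime. China is the world's largest exporter of IT goods, but it has been criticized by many countries over suspected backdoors in its products, including the United States, which has banned several of its major government departments, including NASA and the Justice and Commerce Departments, from purchasing Chinese products and computer technology. The new exposure indicates the same.
The Chinese government is running a man-in-the-middle (MitM) cyber attack campaign on SSL-encrypted traffic between the country's education network and Google.
In an effort to monitor users of the China Education and Research Network (CERNET), Chinese authorities have started intercepting encrypted traffic to and from Google's servers, the non-profit organization GreatFire reported on Thursday.
However, just like many other foreign websites, Google is blocked in China. Because Google is one of the vast and valuable websites for research purposes, Chinese authorities allow access to it through CERNET, a nationwide education and research computer network.
The story broke when CERNET users started reporting on social media websites that they were receiving warning messages about invalid SSL certificates when trying to access google.com and google.com.hk through CERNET.
According to the non-profit organization GreatFire, the Chinese authorities have launched a man-in-the-middle (MitM) attack against the encrypted traffic between CERNET and Google in an effort to control the media as well as messages on all fronts.
The present authorities feel that blocking Google may receive an angry rebuttal from students, researchers, and educators throughout the country, so a MitM attack will serve the purpose.
"Instead of just outright blocking Google on CERNET, which would have raised the ire of students, educators and researchers across China, the authorities felt that a MITM attack would serve their purpose. By placing a man-in-the-middle, the authorities can continue to provide students and researchers access to Google while eavesdropping or blocking selective search queries and results," GreatFire reported in a blog post.
With the help of the MitM attack, Chinese authorities were spying on users' search queries and their results. GreatFire said that it reached this conclusion after following expert advice from Netresec, a security-based company which analyzed MITM attacks on Github.
Until last month, CERNET users were able to access the Google search engine freely, but after August 28 there were changes, and users receive a certificate expiration warning page when they search for something.
Experts believe that the devices performing the MitM attack may be injecting packets near the outer border of CERNET, the place where it peers with external networks. However, Netresec researchers said that it is difficult to figure out how the attack was planned, but DNS spoofing was certainly not used.
"It's difficult to say exactly how the MITM attack was carried out, but we can dismiss DNS spoofing as the used method. A more probable method would be IP hijacking; either through a BGP prefix hijacking or some form of packet injection. However, regardless of how they did it the attacker would be able to decrypt and inspect the traffic going to Google," Netresec researchers noted in a blog post.
This is not the first time the Chinese government has launched such an attack. The authorities conducted similar attacks in the past, in January 2013, against the developer site Github. Users of the GitHub service in China reported receiving warning messages about invalid SSL certificates.
##################
**TrendLabs Malware Blog**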
http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/
===============================================================
"This shit Chinese Communist Party, to our great God is rich in content and search rude,
They certainly are not enough to hate too Shina own degree @!!
Such an insult to the people and the free / not give people the freedom / lock ban meaning of freedom and democracy
Now the big gate was actually in great God * Google * drop ~ ~ @ hey ....
`Dude,` Man, honorable use Google god of black hat, white hat, red passenger ... and so on ~
'There is such a bossy pseudo political shit fart,
It seems I have to spread in the "buddies" international ah,
Lightly to heavily ---> lessons that stem hybrid imperious,
Wu Shi Chinese dog eat dog feces .... hehe ^ ^ since
Order >>>. Cn. Chinese government shit all those who cast a "Chinese Communist dog eating feces."
This site is one place, violence is broken, "Chinese Communist dog has died" Hell to find them, "!!!!"
This is not a joke, Google's clever second Great God, you necessarily know.
The world would dare gall rude and not grateful ~ ~!
Only a jerk!! >>> China
Who cares Chinese barking,
I call on the international hacker can not stay in this shit hand.
Please mighty forces were waving distinguished fine operation ~ ~ ~ "
Sincerely, ~ tiny MelodyRO
http://melodytoyssexy.blogspot.com/2014/09/hacker-newschinese-government-accused.html
=========
#############################################################
13/09-2014-
- After the words:
"Much earlier, I would have said my" hidden disease "= not impossible to sleep like a normal person,
As long as lying anywhere, I will not stop coughing,
Then his legs were cut like pain,
Not naturally / tired to sleep, had wrapped my years,
Very tired when the two hours sleep, the body like clockwork, I would naturally wake up ... could not sleep.
This day over many years, but also memories blurred,
So once in a blog reader mentioned on our friends.
Virtuous doctor again told I can no longer work day and night and then "part-time" (in the blog ...)
(Ps share knowledge in blog / Software Utility / discuss news conclusion ... that my life / lives enrich a lot of knowledge no boundary, sex, age, color, religion ... etc., in blogs I may be small but it is the rich people live, so I can not sleep, it is my pillar when pain, so I could void frustration lies in the text written on / reading,
This time, I would think by sharing blog enthusiasts, in order to make ends meet living neither unmerited,
Also play a large role in society can not afford, in this consignment had to accompany my daily edited text "little zero to eat."
If readers appreciate my friends who will support it!
These "little zero to eat." Just 'stupid me' too much space companion,
Are modern living life to find a network of people would be so unbearable, so I kind of like ... (only ... smile).
Blossoms come, never too donors (buy snacks) or not,
I will not stop sharing,
This is my commitment to our friends and readers of our tribe, and until I can not write ~
Thank you! "
Sincerely, ~ tiny Melody.Blog
Pls click the link to support ours, thanks a lot
Melody.Blog支持者食品捐助賬戶, 簡報.pptx 2.0 MB
Melody.Blog支持者食品捐助賬戶.txt 3 KB https://mega.co.nz/#!K40lWLDa!R9QmUcFTNIdz-0bsWcPrQz_CENSmOOWB9FGW7rKqd0
=================================
Note "For how much to buy snacks, please e-mail me google +,
Write down the name and number, address
Overseas friends will have to pay the added cost of the respective parcels.
If you do not mind can email on msn dialogue.
Thanks again for giving me my life rich person ~
Note: Only accept cash transactions, barter.
For home use Bitcoin sorry! "
=============================================
http://melodytoyssexy.blogspot.com/2014/09/hacker-newschinese-government-accused.html
=================================================================
===Melody.Blog===THE END===>/