Apple blocked CNNIC CA months after MITM attacks


In March of this year, Google found unauthorized digital certificates for several Google domains. The certificates chained up to a root operated by the China Internet Network Information Center (CNNIC). CNNIC was controlled by the Chinese government through the Ministry of Industry and Information Technology and is now under the management of the Cyberspace Administration of China (CAC). CNNIC was recognized by all major browsers as a trusted Certificate Authority. If CNNIC signs a fraudulent certificate for use in a man-in-the-middle attack, no browser will warn of anything unusual unless the site's certificate is pinned: the forged chain validates exactly like a genuine one.
After Google found these unauthorized certificates, both Google and Mozilla (Firefox) revoked their trust in CNNIC a few days later, a step that we at GreatFire.org have been advocating since 2013. Apple and Microsoft, on the other hand, did not revoke their trust in CNNIC, nor did they make any announcement regarding the security compromise.
In June 2015, Apple quietly published a support article titled "About the security partial trust allow list". As far as we can see the change was not picked up in the media, and we did not notice it until this week. Apple states in the support article that "an intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to partially trust a CA by trusting only a set of certificates." This is the same strategy Google and Mozilla used to block CNNIC: the root stays in the store, but only an explicit allow list of previously issued certificates still validates under it, so any certificate CNNIC issues after the cut-off is rejected.
Apple also published the full list of CNNIC-signed domains covered by the allow list, which may be of interest to researchers.
Microsoft is the only major browser operator left that still fully trusts the CNNIC root. When asked for comment, Microsoft pointed to a help article that indicates no action against CNNIC. We urge Microsoft to follow Google, Mozilla and Apple's lead: revoke full trust in CNNIC and limit its authority to the domain list published by Apple.
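To make the two defenses discussed above concrete, the pinning remark in the first paragraph and the partial-trust allow list Apple, Google and Mozilla adopted, here is an added, deliberately simplified model of chain validation under three policies: full trust in a root, partial trust (root kept, but only allow-listed certificates below it validate), and a host pin. This is illustrative code written for this post, not Apple's, Google's or Mozilla's implementation. Certificates are plain dicts with constructed sample values, and `fingerprint` hashes a constructed string in place of the DER encoding; the names `Example Partial Root CA`, `www.shop.example` and `mail.target.example` are made up.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample "certificates": plain dicts standing in for parsed X.509 objects.
# Field names and values are illustrative; none of this is real CNNIC or Apple data.
def make_cert(subject, issuer, serial, spki, san=()):
    return {"subject": subject, "issuer": issuer, "serial": serial,
            "spki": spki, "san": set(san)}

def fingerprint(cert):
    # Hypothetical stand-in for SHA-256 over the certificate's DER bytes.
    material = f"{cert['subject']}|{cert['issuer']}|{cert['serial']}|{cert['spki']}"
    return hashlib.sha256(material.encode()).hexdigest()

@dataclass
class TrustStore:
    full_roots: set                          # subjects of fully trusted roots
    partial_roots: set                       # subjects of partially trusted roots
    allow_list: set                          # fingerprints still valid under a partial root
    pins: dict = field(default_factory=dict)  # host -> set of SPKI values that must appear

def validate(host, chain, store):
    """Return (ok, reason) for a leaf-first chain ending in a self-signed root."""
    if not chain:
        return False, "empty chain"
    if host not in chain[0]["san"]:
        return False, "hostname mismatch"
    for child, parent in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            return False, f"broken chain at {child['subject']}"
    root = chain[-1]
    if root["issuer"] != root["subject"]:
        return False, "chain does not end in a self-signed root"
    # A pin is checked regardless of CA trust: a validly signed but unexpected
    # key for a pinned host is exactly the MITM case the pin exists to catch.
    if host in store.pins and not any(c["spki"] in store.pins[host] for c in chain):
        return False, "pin mismatch"
    if root["subject"] in store.full_roots:
        return True, "fully trusted root"
    if root["subject"] in store.partial_roots:
        # Partial trust: some certificate below the root must be on the allow list,
        # so certificates issued after the cut-off never validate.
        if any(fingerprint(c) in store.allow_list for c in chain[:-1]):
            return True, "partially trusted root, allow-listed certificate"
        return False, "partially trusted root, certificate not on allow list"
    return False, "untrusted root"

# Constructed chain: a root, one intermediate, a pre-existing leaf and a later leaf
# that a MITM would present for a host the CA had no business certifying.
ROOT = make_cert("Example Partial Root CA", "Example Partial Root CA", "1", "spki-root")
SUB = make_cert("Example Partial Root CA Sub", "Example Partial Root CA", "2", "spki-sub")
OLD_LEAF = make_cert("www.shop.example", "Example Partial Root CA Sub", "1001",
                     "spki-shop", ["www.shop.example"])
MITM_LEAF = make_cert("mail.target.example", "Example Partial Root CA Sub", "2002",
                      "spki-mitm", ["mail.target.example"])

STORE_BEFORE = TrustStore(full_roots={"Example Partial Root CA"}, partial_roots=set(),
                          allow_list=set())
STORE_AFTER = TrustStore(full_roots=set(), partial_roots={"Example Partial Root CA"},
                         allow_list={fingerprint(OLD_LEAF)})
STORE_PINNED = TrustStore(full_roots={"Example Partial Root CA"}, partial_roots=set(),
                          allow_list=set(), pins={"mail.target.example": {"spki-real-mail"}})

def demo():
    """Run the four cases the post describes and return their (ok, reason) results."""
    old_chain = [OLD_LEAF, SUB, ROOT]
    mitm_chain = [MITM_LEAF, SUB, ROOT]
    return {
        "before_mitm": validate("mail.target.example", mitm_chain, STORE_BEFORE),  # silent MITM
        "after_mitm": validate("mail.target.example", mitm_chain, STORE_AFTER),    # rejected
        "after_legit": validate("www.shop.example", old_chain, STORE_AFTER),       # still works
        "pinned": validate("mail.target.example", mitm_chain, STORE_PINNED),       # pin catches it
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `before_mitm` case is the situation the first paragraph describes: with the root fully trusted, the forged chain is indistinguishable from a genuine one. Partial trust closes that gap for everything not on the allow list while leaving existing sites working, and a pin catches the forgery even while the root is still fully trusted.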
