Someone in the Syrian telcoms authority is running a clumsy man-in-the-middle attack against Facebook; activists who try to access the site in Syria using SSL get a message saying that the certificate doesn't match. The forged certificate that the telcoms authority is attempting to insert comes from Digi-Cert High Assurance CA-3. I got this wrong -- this is the correct cert; the bogus one is issued by "Facebook Inc". Though the attack is clumsy (it sends up a security warning), many unsophisticated users probably won't understand the warning and could be in danger.
The attack is not extremely sophisticated: the certificate is invalid in user's browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users' only line of defense.
Khartabil has been imprisoned in a Syria’s Adra Prison since 2012, though as of October, he has been transferred to an undisclosed location. The free software/open culture activist was the lead for Creative Commons Syria and has contributed to Wikipedia, Firefox and many other projects.
Evan from Fight for the Future writes, “The privacy-killing law CISA — which gives legal immunity to corporations when they share your private data with the U.S. government — is back on the Senate floor after Internet activists have successfully delayed it many times. This could be our last chance to stop it for good.”
It’s been ten years since Danny O’Brien, Suw Charman and I announced the formation of the UK Open Rights Group at the 2005 Open Tech conference and asked the assembled people to pledge to pay £5/month to help fund a UK-based digital rights group that would fight for their rights online — and everywhere.
Celebrate Cyber Monday with some brain food. Save on any eLearning deal in the Boing Boing Store today using coupon code: CYBERMONDAY25. Below are a couple of our favorite eLearning offers: eduCBA Tech Training Bundle: Lifetime Subscription:Welcome to your personal online classroom, where you can finally study at your own pace, on your own time (and […]
This minimalist multi-tool will see to it that instead of rocking a tool belt, you’ll carry just one. It’s shaped slightly like a key and weighs less than an ounce, so it plays nice with your keychain. The strong surgical-grade stainless steel blade will last, and is handy for everyday tasks like opening boxes and […]
The Code Black is our top-selling drone of all time—and for good reason. This powerful, palm-size drone is not only insanely fun to fly, but can capture some serious video footage from up above. With a flight time of about 10 minutes and an ultra-smooth ride, it’s a great introductory drone for anyone looking to […]