Comments (1)
The most peculiar feature of the MITM certificates is
emailAddress = 346608453@qq.com
You can find a lot of news stories by doing a web search for this email address.
https://www.oschina.net/news/114402/git-mitm (archive)
另据多名网友反馈,京东、koajs 等网站同样出现该问题,同样无效证书来自于该 QQ 邮箱,有人怀疑该疑似攻击者为黑客初学者,而攻击目的很有可能只是在练习/测试,但是此次影响范围之广,不太像是练手。
According to feedback from several users, Jingdong, koajs and other websites have the same problem, and the same invalid certificate came from the same QQ mailbox. Some people suspect that the suspected attacker is a beginner hacker and that the purpose of the attack is most likely just practice/testing, but the scope of influence this time is so wide that it does not look like practice.
The article linked in the post above has been updated.
https://www.williamlong.info/archives/6021.html (archive)
打开这个不受信任的证书,显示该证书的颁布者是346608453@qq.com。查询该QQ号码,显示其昵称为心即山灵,地址为黑龙江哈尔滨,通过这个QQ查询其加入的QQ群,可以发现其真名疑似叫“张勇”,居住地疑似为“哈尔滨城东新居D区”,毕业学校疑似为“建三江一中92届”。从攻击者自签名证书留下的QQ号可以在网上搜寻到部分信息,信息显示此前这名攻击者正在学习加密技术。这名攻击者还曾在技术交流网站求助他人发送相关源代码,从已知信息判断攻击者可能是在学习后尝试发起攻击。
更新:3月27日13:17,QQ号346608453在其QQ空间“心即灵山的QQ空间”发布信息,称“QQ号码被盗,现已恢复”。但这个声明却显得有些“不打自招”,因为攻击者要生成CA证书的话,随便填个邮箱都可以,根本不需要盗QQ号。
Opening this untrusted certificate shows that the issuer of the certificate is 346608453@qq.com. Querying the QQ number shows that his nickname is Xinlingshanling and his address is Harbin, Heilongjiang. By querying the QQ groups this QQ number has joined, it can be found that his real name is suspected to be "Zhang Yong", his place of residence is suspected to be "Harbin Chengdong Xinju D District", and his graduation school is suspected to be "92nd Sanjiang No.1 Middle School". From the QQ number left in the attacker's self-signed certificate, some information can be found online. The information shows that the attacker was previously learning encryption technology. The attacker also asked others on a technical communication website to send related source code; judging from the known information, the attacker may have tried to launch the attack after learning.
Update: On March 27th at 13:17, QQ number 346608453 posted a message in its QQ space "Heart is Lingshan's QQ space", saying that "the QQ number was stolen and has now been restored." However, this statement seems to be a bit "uninvited", because if an attacker wants to generate a CA certificate, he can fill in an email address without having to steal the QQ number.