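Apple's iCloud hit by a man-in-the-middle attack in China

The Chinese authorities have launched a man-in-the-middle (MITM) attack on Apple's cloud service, iCloud. Earlier investigations showed that China had carried out MITM attacks on Github, Google, Yahoo and Microsoft. This MITM attack on iCloud differs from the earlier attacks on Google, Github and Yahoo. The attack on Apple is intended to steal users' login names and passwords, along with all the data stored in iCloud, including iMessages, photos and contacts.

This attack on Apple is nationwide, and it took place on the first day the iPhone 6 went on sale in China (October 18). The Great Firewall (GFW) is using a fake security certificate to carry out a man-in-the-middle attack on Apple's iCloud. The authorities attacked only the IP address 23.59.94.46. Not all users in mainland China are affected, because the iCloud DNS servers may return different IP addresses.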


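In the earlier MITM attacks on Google and Yahoo, the Chinese authorities obtained the information that Chinese internet users accessed on those two platforms. In this attack on Apple, if users ignore the security warning, click through to the Apple site and enter their username and password, their login details will be captured by the authorities. Many Apple users rely on iCloud to store personal information, including iMessages, photos and contacts. GreatFire speculates that the attack on Apple may be related to images and information about the Occupy Central protests in Hong Kong being shared to the mainland.

How can users counter this attack?

Chinese internet users should first of all use a trustworthy browser on their computers and mobile devices: Firefox and Chrome both stop users from reaching a site when it is under a man-in-the-middle attack. The Qihoo 360 browser, by contrast, has no such safeguard and loads the intercepted page directly.

If users have ignored the security warning, they should connect to iCloud by a route that is not being interfered with. Users can go through a VPN or a different network connection point, because the Great Firewall's man-in-the-middle attack is not consistent. Users should also enable two-step verification for their iCloud accounts. That way, even if the password is stolen, the iCloud account will still be protected.

Did the iPhone's encryption upgrade anger China?

The latest MITM attack may also be related to the upgraded security measures in the iPhone 6. After details of the new phone were announced, the Chinese authorities appeared unwilling to let the new iPhone go on sale in mainland China. Apple upgraded the phone's encryption to guard against NSA eavesdropping, but this also left the Chinese authorities unable to snoop on Apple users' data. The iPhone 6 has been cleared to go on sale in China, and it is not known whether Apple modified the phone's security settings for China. Still, this MITM attack on iCloud seems to indicate that the Chinese authorities and Apple disagree over certain features of the new phone.

Apple has had something of a flirtatious romance with the Chinese authorities: when they asked Apple to remove certain apps from its China store, Apple complied. It is therefore hard to imagine how Apple's executives feel about this attack.

This attack also sends a clear signal to foreign companies that actively cooperate with China's censorship demands: helping the authorities censor the internet does not guarantee these companies smooth business in China. On the contrary, helping the authorities censor will be seen as the worst decision a foreign company can make. Not only will the authorities turn around and bite you, you will also lose customers everywhere else in the world. We have asked Apple to comment on this attack.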

Technical evidence of attacks against iCloud.com (Apple) and login.live.com (Microsoft)

iCloud

The GFW (Great Firewall of China) is now wiretapping Apple’s iCloud. GFW implemented a MITM attack on iCloud using a self-signed certificate.

The authorities only attacked IP 23.59.94.46. Not all users in China are affected because the iCloud DNS might return different IP addresses.

Wirecapture with MITM: https://www.cloudshark.org/captures/03a6b0593436

Self-signed certificate used in the attack: http://www.mediafire.com/download/ampbnqncc277krv/fakeicloudcert.zip

Connection log: http://pastebin.com/tN7kbDV3

Traceroute:  http://pastebin.com/8Y6ZwfzG
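
Because only one address was intercepted, a check has to validate the certificate on every IP that DNS returns rather than on a single connection. The following added example (not from the original post) does that with Python's standard `ssl` module; the hostname passed to it, the `203.0.113.10` address and the sample results are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl

SELF_SIGNED = {18, 19}  # OpenSSL verify codes: self-signed leaf / self-signed in chain
NO_VERDICT = -1         # connection failed before a certificate could be judged

def resolve_all(hostname, port=443):
    """Every IPv4 address the local resolver currently returns for hostname."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, hostname, port=443, timeout=5.0):
    """Handshake with one IP (SNI = hostname) under full chain and name validation."""
    result = {"ip": ip, "valid": False, "sha256": None, "verify_code": None}
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                der = tls.getpeercert(binary_form=True)
                result.update(valid=True, sha256=hashlib.sha256(der).hexdigest())
    except ssl.SSLCertVerificationError as exc:
        result["verify_code"] = exc.verify_code
    except OSError:
        result["verify_code"] = NO_VERDICT
    return result

def classify(results):
    """Map each probed IP to 'ok', 'self-signed', 'untrusted' or 'no-verdict'."""
    verdicts = {}
    for r in results:
        if r["valid"]:
            label = "ok"
        elif r["verify_code"] in SELF_SIGNED:
            label = "self-signed"
        else:
            label = "no-verdict" if r["verify_code"] == NO_VERDICT else "untrusted"
        verdicts[r["ip"]] = label
    return verdicts

def partial_interception(verdicts):
    """True when some IPs validate while others present an untrusted certificate."""
    states = set(verdicts.values())
    return "ok" in states and bool(states & {"self-signed", "untrusted"})

SAMPLE = [  # constructed results: the page's attacked IP plus a documentation-range IP
    {"ip": "23.59.94.46", "valid": False, "sha256": None, "verify_code": 18},
    {"ip": "203.0.113.10", "valid": True, "sha256": "0" * 64, "verify_code": None},
]
```

Run `classify([probe(ip, host) for ip in resolve_all(host)])` from the network being tested; a mix of `ok` and `self-signed` verdicts matches the per-IP behaviour described above.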

Hotmail MITM

Wirecap: https://www.cloudshark.org/captures/6011389a8ea3

TCP Traceroute: https://twitter.com/siyanmao/status/518963824481681408

 


Comments

uk.yahoo.com is also giving untrusted certificate warnings at this present time.

I'm surprised they've used self-signed. Surely they could have issued certs through cnnic (www.cnnic.cn). Most browsers trust their CA. You can test your browser by going to Https://Evdemo.cnnic.cn

@Anonymous: Because if they did that, cnnic would definitely not be trusted anymore...

Pretty creepy, they don't mind being as obvious as this...and this 360 browser accepts self-signed certificates by default? Wow.

On the other hand, can we rule out that it was an attack not connected to the Chinese government? Were all DNS servers in China affected? Why would they stop the attack this quick (icloud goes to the right IP for me now and I use my provider's DNS servers)? Not that I would not think that the government has hands in this, but I would not be surprised if it was a successful attack to a poorly secured big provider's DNS server (but then it wouldn't affect everybody in China...). Hmm when thinking about it, this poisoning must have been done through the GFW...any more detailed technical analysis available? Any official comments from CNNIC?

Read my lips: f~~~ them~~~

Is the information obtained limited to iCloud users' data?


This is really bad. Hope that steps will be taken in Year 2015 for better security.
