Apple's iCloud hit by man-in-the-middle attack in China

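The Chinese authorities have launched a man-in-the-middle (MITM) attack against Apple's cloud service, iCloud. Earlier investigations showed that China had carried out MITM attacks against GitHub, Google, Yahoo and Microsoft. This attack on iCloud differs from the earlier attacks on Google, GitHub and Yahoo: it is intended to steal users' login names and passwords, along with all data stored in iCloud, including iMessages, photos and contacts.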

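The attack on Apple is nationwide and took place on the first day the iPhone 6 went on sale in China (October 18). The Great Firewall (GFW) is carrying out the MITM attack on iCloud using a fake security certificate. The authorities attacked only the IP address 23.59.94.46. Not all users in mainland China are affected, because the iCloud DNS servers may return different IP addresses.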


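In the earlier MITM attacks on Google and Yahoo, the Chinese authorities obtained the information that Chinese internet users accessed on those two platforms. In this attack on Apple, if users ignore the security warning, click through to the Apple site and enter their username and password, the authorities will obtain their login details. Many Apple users use iCloud to store personal information, including iMessages, photos and contacts. GreatFire speculates that the attack on Apple may be related to images and information about the Occupy Central protests in Hong Kong being shared with the mainland.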

How can users counter this attack?

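Internet users in China should first of all use a trustworthy browser on their computers and mobile devices: Firefox and Chrome both stop users from reaching a site when that site is under a MITM attack. The Qihoo 360 browser, by contrast, has no such protection and opens the page under MITM attack directly.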

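If users have ignored the security warning, they should connect to iCloud by a means that is not interfered with. Users can use a VPN or a different network access point, because the Great Firewall's MITM attack is not consistent. Users should also enable two-step verification for their iCloud accounts. That way, the iCloud account remains protected even if the password is stolen.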

Did the iPhone's encryption upgrade anger China?

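The latest MITM attack may also be related to the upgraded security measures on the iPhone 6. After details of the new iPhone were announced, the Chinese authorities appeared unwilling to let it go on sale in mainland China. Apple upgraded the phone's encryption to prevent eavesdropping by the NSA, but this also left the Chinese authorities unable to look into Apple users' data. The iPhone 6 can now officially be sold in China, and it is not known whether Apple changed the phone's security settings for China. The MITM attack on iCloud, however, appears to show that the Chinese authorities and Apple disagree over some features of the new phone.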

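Apple once had a somewhat ambiguous romance with the Chinese authorities: when they asked Apple to remove certain apps from its China store, Apple complied. It is therefore hard to imagine how Apple's senior management feels about this attack from China.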

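The attack also sends a clear signal to foreign companies that actively cooperate with China's censorship demands: helping the authorities censor the internet does not guarantee these companies smooth business in China. On the contrary, helping the authorities censor will come to be seen as the worst decision a foreign company can make. Not only will the authorities turn around and bite you, you will also lose customers elsewhere in the world. We have asked Apple to comment on the attack.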

Technical evidence of attacks against iCloud.com (Apple) and login.live.com (Microsoft)

iCloud

The GFW (Great Firewall of China) is now wiretapping Apple’s iCloud. GFW implemented a MITM attack on iCloud using a self-signed certificate.

The authorities only attacked IP 23.59.94.46. Not all users in China are affected because the iCloud DNS might return different IP addresses.

Wirecapture with MITM: https://www.cloudshark.org/captures/03a6b0593436

Self-signed certificate used in the attack: http://www.mediafire.com/download/ampbnqncc277krv/fakeicloudcert.zip

Connection log: http://pastebin.com/tN7kbDV3

Traceroute:  http://pastebin.com/8Y6ZwfzG
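An added example, not part of the original post: one way a defender can tell a self-signed certificate like the one described above from a CA-issued one, and reproduce the trust decision a validating browser makes. It uses the `openssl` command line; the host name, file names and demo CA are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example. Host name, file names and the demo CA are constructed.

# cert_kind FILE: "self-signed" when subject and issuer names are equal and the
# signature verifies under the certificate's own key, else "issued-by-other".
cert_kind() {
  local cert="$1" subj iss
  subj=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) || { echo unreadable; return; }
  iss=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null)
  if [ "${subj#subject=}" != "${iss#issuer=}" ]; then echo issued-by-other; return; fi
  # -check_ss_sig makes openssl verify the self-signature, which it skips by default.
  if openssl verify -check_ss_sig -CAfile "$cert" "$cert" >/dev/null 2>&1; then
    echo self-signed
  else
    echo issued-by-other
  fi
}

# trust_check STORE CERT: the decision a validating client makes. A self-signed
# certificate passes only if it is itself already in the trust store.
trust_check() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

# make_demo_certs DIR: constructed material. forged.pem is self-signed, leaf.pem
# carries the same name but is signed by the demo CA in ca.pem.
make_demo_certs() {
  local d="$1" host="/CN=login.example.test"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$host" \
    -keyout "$d/forged.key" -out "$d/forged.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "$host" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo() {
  local d c; d=$(mktemp -d)
  make_demo_certs "$d"
  for c in forged leaf; do
    echo "$c.pem: $(cert_kind "$d/$c.pem"), $(trust_check "$d/ca.pem" "$d/$c.pem")"
  done
  rm -rf "$d"
}
demo
```

Both demo certificates claim the same host name; only the one that chains to a root already in the trust store is accepted, which is why a name match alone says nothing about who is on the other end.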

Hotmail MITM

Wirecap: https://www.cloudshark.org/captures/6011389a8ea3

TCP Traceroute: https://twitter.com/siyanmao/status/518963824481681408

 


Comments

uk.yahoo.com is also giving untrusted certificate warnings at this present time.

I'm surprised they've used self-signed. Surely they could have issued certs through cnnic (www.cnnic.cn). Most browsers trust their CA. You can test your browser by going to Https://Evdemo.cnnic.cn

@Anonymous: Because if they did that, cnnic would definitely not be trusted anymore...

Pretty creepy, they don't mind being as obvious as this...and this 360 browser accepts self-signed certificates by default? Wow.

On the other hand, can we rule out that it was an attack not connected to the Chinese government? Were all DNS servers in China affected? Why would they stop the attack this quick (icloud goes to the right IP for me now and I use my provider's DNS servers)? Not that I would not think that the government has hands in this, but I would not be surprised if it was a successful attack to a poorly secured big provider's DNS server (but then it wouldn't affect everybody in China...). Hmm when thinking about it, this poisoning must have been done through the GFW...any more detailed technical analysis available? Any official comments from CNNIC?

Read my lips. F~~~ing~~~ hell~~~

Is the information obtained limited to iCloud users' data?


This is really bad. Hope that steps will be taken in Year 2015 for better security.
