The Electronic Frontier Foundation has exposed a man-in-the-middle attack against the secure (https) version of the Facebook site by the Syrian Telecom Ministry!
The EFF says the best way to get around this is to use a known-good proxy service to access your Facebook account. If you are in Syria or are planning a visit, I would recommend paying for a proxy service and getting yourself setup before your trip, and after reading this story, I would be using that proxy for all my internet access there!!!The attack is not extremely sophisticated: the certificate is invalid in user's browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users' only line of defense.
The full story, including the fake certificates, can be read here:
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
Bookmarks