[cryptography] Gogo inflight Internet uses fake SSL certs to MITM their users

Jon Callas jon at callas.org
Thu Jan 8 18:35:06 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On Jan 6, 2015, at 5:22 PM, Seth <list at sysfu.com> wrote:

> On Tue, 06 Jan 2015 14:37:37 -0800, Nathan Dorfman <na at rtfm.net> wrote:
>> Gonna go out on a limb here and strongly suggest not trusting any
>> *.google.com certificate signed by these guys.
> 
> Has anyone on the list had success running the Tor Browser Bundle over a Gogo in flight connection?

Pffft. A simple local VPN works just fine to get around their stuff. I'm very happy with the VPN I'm presently using. The clever person can figure out who it is from this email.

Well, I'll be. I am on a Gogo-enabled flight even as we squeak, and I just turned my VPN off to go get you one of their certs. They're letting me get to YouTube and Vimeo just fine now. I guess someone got some sense. It was pretty hamfisted and really just reminded me to turn on my VPN.

	Jon



-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii

wsBVAwUBVK8UdfD9H+HfsTZWAQhWtQf/RHxdt7ulBG3SRl6jORFabc/tCmTMeP6U
cAHB2Ex0D7dFZLE2WalYKKMd2s+JGB6zmf/ZycryaCapfXii9SyZB0l/EJBMw0y6
zNfgGQJ1ZNCtx8trpkFV9huNEZ7ynC4nInPpb7aRccHWl4HkvPhNWqHqjlVF8YJi
5SyDQ3dOD4lxM/mwcbXYEme/dsHEs566/GVjzcFNdObI9E0Sf24h35fljxvdn8ox
Tz8110fqmyirPxs/APqlgLXMfeNgCDpc+jrDjCyGmT93D5jVDJ0OtzGg6AYLJkGT
nyFln9NfoScnpCcEXUZ1mCD1bGyIm6YCnIJLJWGRpVdpWo7eKgMEFg==
=FcUr
-----END PGP SIGNATURE-----


More information about the cryptography mailing list