
Iran's use of BGP to control its network is affecting other countries' networks...

Dyn (the same Dyn that was hammered by DDoS a while back and was bought by Oracle some time later) published "Iran Leaks Censorship via BGP Hijacks", describing how they detected Iran using BGP hijacks to control access to websites.

A while ago Iran announced 99.192.226.0/24 from a private ASN, and the announcement affected other countries:

Last week, Iranian state telecom announced a BGP hijack of address space (99.192.226.0/24) hosting numerous pornographic websites.

Since this address space is announced on the internet as 99.192.128.0/17, the /24 wins under longest-prefix matching and overrode the legitimate route, affecting the whole world...

A few days later they started going after Apple's iTunes service, but this time the announcements were /32s. Since most networks accept nothing more specific than a /24, the impact was smaller than the first time:

In addition, TIC announced BGP hijacks for 20 individual IPs associated with Apple’s iTunes service. These too were carried by Omantel to the outside world, albeit with a smaller footprint due to the fact that BGP routes for /32’s typically don’t propagate very far.

This shows how fragile routing on the internet still is...
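The two mechanics in the Dyn write-up above (a more-specific /24 beating the covering /17 under longest-prefix matching, and /32 announcements being dropped by the usual maximum-prefix-length import filter) are easy to reproduce in a small route-selection model. The following is an added example, not code from the original post or from Dyn; the two 99.192.x prefixes are the ones named in the post, while the origin ASNs, the AS paths and the 203.0.113.7/32 address are constructed placeholders. It also includes a simple defender-side check that flags a more-specific announcement whose origin ASN differs from the registered origin of the covering prefix.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_asn: int
    as_path: Tuple[int, ...]  # constructed; not used for selection here


# Constructed sample announcements. 99.192.128.0/17 and 99.192.226.0/24 are
# the prefixes from the Dyn write-up; the ASNs and the /32 are placeholders.
LEGIT_ORIGIN = 65001    # placeholder: rightful origin of 99.192.128.0/17
HIJACK_ORIGIN = 64512   # placeholder: a private ASN (64512-65534 range)

ANNOUNCEMENTS: List[Route] = [
    Route(ipaddress.ip_network("99.192.128.0/17"), LEGIT_ORIGIN, (65001,)),
    Route(ipaddress.ip_network("99.192.226.0/24"), HIJACK_ORIGIN, (65002, 64512)),
    Route(ipaddress.ip_network("203.0.113.7/32"), HIJACK_ORIGIN, (65002, 64512)),
]


def accept_by_max_length(route: Route, max_len: int = 24) -> bool:
    """Typical import policy: ignore anything more specific than /24.

    This is why the /32 announcements in the post did not travel far."""
    return route.prefix.prefixlen <= max_len


def build_rib(announcements: List[Route], max_len: int = 24) -> List[Route]:
    """Apply the import filter and keep what a router would actually install."""
    return [r for r in announcements if accept_by_max_length(r, max_len)]


def lookup(rib: List[Route], address: str) -> Optional[Route]:
    """Longest-prefix match: the most specific covering prefix wins,
    regardless of who announced it."""
    addr = ipaddress.ip_address(address)
    best: Optional[Route] = None
    for r in rib:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def find_more_specific_hijacks(
    rib: List[Route], registered: Dict[ipaddress.IPv4Network, int]
) -> List[Tuple[str, int, str, int]]:
    """Flag installed routes that sit inside a registered prefix but are
    originated by a different ASN than the one registered for it.

    `registered` maps a covering prefix to its expected origin ASN (the kind
    of data an operator would take from an IRR route object or an RPKI ROA)."""
    alerts = []
    for r in rib:
        for net, expected_asn in registered.items():
            if r.prefix != net and r.prefix.subnet_of(net) and r.origin_asn != expected_asn:
                alerts.append((str(r.prefix), r.origin_asn, str(net), expected_asn))
    return alerts


if __name__ == "__main__":
    rib = build_rib(ANNOUNCEMENTS)
    # The /24 hijack is installed and wins for hosts inside it ...
    print(lookup(rib, "99.192.226.10"))
    # ... while the rest of the /17 still goes to the legitimate origin.
    print(lookup(rib, "99.192.130.1"))
    # The /32 never made it past the import filter.
    print(lookup(rib, "203.0.113.7"))
    registered = {ipaddress.ip_network("99.192.128.0/17"): LEGIT_ORIGIN}
    print(find_more_specific_hijacks(rib, registered))
```

Raising `max_len` to 32 in `build_rib` is the equivalent of a network that does not filter long prefixes: the /32 then gets installed and wins for that one address, which is the smaller footprint the quoted text describes.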

Carriers, zero rating and the net neutrality problem

I only noticed in "AT&T users will be able to stream DirecTV Now without using their data" that the FCC had warned carriers at the start of this month about zero rating specific services: "The FCC tells AT&T it may be violating net neutrality with its DirecTV plans":

AT&T is far from the only US carrier to zero rate data. T-Mobile has been ostentatiously offering free data for music and movies for a year now, and Verizon also zero rates video from its Go90 app. But in zero rating DirecTV, the FCC thinks AT&T may have gone too far.

AT&T says anyone can join the plan as long as they pay:

AT&T’s argument is that any company that participates in its Sponsored Data program has to pay AT&T for it, and that includes DirecTV.

But the problem remains that AT&T owns DirecTV, so it's the left hand paying the right:

Except, again, AT&T owns DirecTV, so even if one division is paying another, the overall company still ends up not paying any money.

And the amount involved is not small:

The situation for other companies is very different — and the FCC believes that the price they’d have to pay is “significant[.]”

But the president is about to change, and things may well head in an even worse direction...

The UK passes a law requiring ISPs to record the websites users visit

A few days ago the UK passed the most extreme privacy-invading law yet, requiring ISPs to record the websites users visit: "Britain has passed the 'most extreme surveillance law ever passed in a democracy'":

The law forces UK internet providers to store browsing histories -- including domains visited -- for one year, in case of police investigations.

As expected of the country George Orwell lived in: they went and built his "ideal state" first... Let's Encrypt and Tor will matter even more from here on.

A historic first for the Washington Post: calling for its own source to be prosecuted

After The Guardian and The Washington Post won the 2014 Pulitzer Prize for their Snowden reporting, the Washington Post has now officially taken the position that Snowden should be brought back to the US to stand trial, rather than pardoned as many are now calling for: "WashPost Makes History: First Paper to Call for Prosecution of Its Own Source (After Accepting Pulitzer)".

In doing so, the Washington Post has achieved an ignominious feat in U.S. media history: the first-ever paper to explicitly editorialize for the criminal prosecution of its own source — one on whose back the paper won and eagerly accepted a Pulitzer Prize for Public Service. But even more staggering than this act of journalistic treachery against the paper’s own source are the claims made to justify it.

The Washington Post's reasoning is even more shameless:

The complication is that Mr. Snowden did more than that. He also pilfered, and leaked, information about a separate overseas NSA Internet-monitoring program, PRISM, that was both clearly legal and not clearly threatening to privacy. (It was also not permanent; the law authorizing it expires next year.)

This was never a question of legality but of violating human rights; there is no shortage of things that were legal and were later overturned, even by constitutional amendment. Women in the US only gained the right to vote in 1920 (through the Nineteenth Amendment to the United States Constitution).

The fourth estate must exercise the power it is supposed to have and push the government in the right direction. To take the Pulitzer and then argue from the angle of "legality", reduced to being the government's hired gun, is quite a fall...

Google Allo weakens its original security design

Google Allo has weakened its original security design: "Google backs off on previously announced Allo privacy feature".

The weakening comes from changing the default behaviour:

The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form.

The original default did not record identity; now it does. The Verge's guess is that this reduces the chance of other situations like the ones below, as a way of pleasing governments:

That leaves Google with much less danger of the kind of legal showdown Apple faced in San Bernardino and WhatsApp currently faces in Brazil.

Britain's GCHQ plans nationwide, large-scale DNS filtering in the UK

As the title says, GCHQ plans to implement large-scale DNS filtering in the name of security: "GCHQ planning UK-wide DNS 'firewall'". GCHQ's official press release is at "A new approach for cyber security in the UK".

It is very similar to the GFW approach, but doing it in a country like the UK is too obvious, so the government has to use FUD (Fear, Uncertainty, Doubt) to scare citizens and, by brainwashing them, gain more power.

This time the filtering is at the DNS level; if the policy is successfully pushed through, more mechanisms to filter speech inconvenient to those in power will follow.

Connecting in Google Chrome to a site that HSTS makes unreachable

Update (2018/03/15): the string has changed; see "The badidea phrase Google Chrome used to bypass HSTS has been replaced...".

For example, the problem where disabling StartCom made www.kernel.org unreachable:

A few days ago I saw the workaround on Twitter:

Speaking of StartCom, the StartCom and WoSign story is only just beginning; the problems mentioned earlier in "Mozilla is considering removing WoSign's CA root" have been getting more and more heated on the mailing list lately (more unreported issues have been found).

I also found out that StartCom has been bought by WoSign (its CEO, that is); I removed trust in it back when I read "Why I stopped using StartSSL (Hint: it involves a Chinese company)", and things only look set to get worse...
