
British mobile ISP SSL MITM attack for the purposes of censorship - Shanea93
https://www.reddit.com/r/unitedkingdom/comments/5e817w/three_mobile_network_has_today_without_warning/
======
viraptor
More about the product:
[https://umbrella.cisco.com/products/features](https://umbrella.cisco.com/products/features)

Seems like a very misconfigured deployment, since no normal mobile user will
use a third-party CA to connect via Three. I don't expect that this is on
purpose.

When they did the same thing at OpenDNS
([https://www.snip2code.com/Snippet/1503745/opendns-is-man-in-...](https://www.snip2code.com/Snippet/1503745/opendns-is-man-in-the-middling-me/))
the certificate was valid only for 3 days:

    
    
            Issuer: CN=Cisco Umbrella Secondary SubCA nyc-SG, O=Cisco
            Validity
                Not Before: Oct 18 20:32:18 2016 GMT
                Not After : Oct 23 20:32:18 2016 GMT
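
An added example, not part of the thread or any poster's code: a Python check that parses the Issuer and Validity fields from an `openssl x509 -text` style dump like the excerpt above and lists signs that a certificate was minted by an intercepting proxy. The hint list, the 30-day threshold and the pinned issuer string are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Excerpt quoted in the comment above (openssl x509 -text layout).
SAMPLE = """\
    Issuer: CN=Cisco Umbrella Secondary SubCA nyc-SG, O=Cisco
    Validity
        Not Before: Oct 18 20:32:18 2016 GMT
        Not After : Oct 23 20:32:18 2016 GMT
"""

# Assumptions for illustration, not values from the thread.
PROXY_ISSUER_HINTS = ("Cisco Umbrella",)    # substrings naming a filtering product
MIN_EXPECTED_LIFETIME = timedelta(days=30)  # shorter suggests on-the-fly issuance
TIME_FMT = "%b %d %H:%M:%S %Y GMT"


def _field(name, text):
    """Return the value of a 'Name: value' line, tolerating padding before the colon."""
    m = re.search(rf"^\s*{re.escape(name)}\s*:\s*(.+?)\s*$", text, re.M)
    if m is None:
        raise ValueError(f"certificate dump has no {name!r} field")
    return m.group(1)


def parse_cert_text(text):
    """Extract issuer and validity window from an openssl-style text dump."""
    not_before = datetime.strptime(_field("Not Before", text), TIME_FMT)
    not_after = datetime.strptime(_field("Not After", text), TIME_FMT)
    return {"issuer": _field("Issuer", text),
            "not_before": not_before,
            "not_after": not_after,
            "lifetime": not_after - not_before}


def interception_indicators(cert, pinned_issuer=None):
    """List reasons to suspect the certificate came from an intercepting proxy."""
    findings = []
    if pinned_issuer is not None and cert["issuer"] != pinned_issuer:
        findings.append("issuer differs from the one previously recorded for this site")
    if any(hint in cert["issuer"] for hint in PROXY_ISSUER_HINTS):
        findings.append("issuer names a filtering product")
    if cert["lifetime"] < MIN_EXPECTED_LIFETIME:
        findings.append(f"validity window of {cert['lifetime'].days} days is unusually short")
    return findings


if __name__ == "__main__":
    cert = parse_cert_text(SAMPLE)
    # Constructed placeholder for the issuer seen on an untampered connection.
    for finding in interception_indicators(cert, "CN=Example Public CA, O=Example"):
        print("-", finding)
```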

------
Shanea93
Full disclosure, that's my post, I just thought it would be relevant to your
interests. It's deplorable how they're putting tools in place to infringe on
the privacy of an entire country using such dangerous tools as _wikipedia_.

------
cjbprime
Are the certs self-signed?

~~~
Shanea93
It doesn't appear so, the certificates appear to be signed by Cisco,
presumably on some kind of dedicated hardware firewall designed to filter -
but it's entirely possible that the service is being run by Cisco and they're
generating false certificates on-the-fly as part of the interception.

~~~
cjbprime
Can you post full data for an example certificate?

