"We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” [source]
I don't know much about how internet works, but as long the chines gov has access to the chines internet providers servers, why do they need to hack gmail accounts? I assume that i don't understand how submitting/writing a message(from user to gmail servers) works, in order to be sent later to the other email address.
Who can tell me how submitting a message to a web form works?
-
Web access to web form can be done through https protocol, which has encrypted traffic, so simple packet dump don't give you access to message contained in this packet.
Cristian Ciupitu : That's correct, but on the other hand HTTPS isn't immune to a man-in-the middle attack if your browser trusts an evil CA (Certification Authority). The CA can issue a certificate for `gmail.com` which then can be used for a fake Gmail server. The average user won't notice anything, unless he/she looks at the CA that signed the certificate and he/she knows it's not the right one. Firefox has a CA certificate from *China Internet Network Information Center*. I'll let others decide if this organization is evil or not.From Dmitry Trukhanov
0 comments:
Post a Comment