Apple, Google, and Mozilla have moved in to ban a root certificate the Kazakhstan government used in the past month to spy on its citizens’ web traffic. From a report: Starting today, Chrome, Firefox, and Safari will show errors if any HTTPS web traffic is encrypted with the Kazakh government’s root or leaf certificates. This coordinated action will ensure the safety of Kazakh users who were forced last month by their local Kazakh ISPs to install this certificate under the threat of not being allowed to use the internet otherwise. Kazakh ISPs forced their customers to install the government’s root certificate after the Kazakh government issued a decree and said the measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.” But in reality, the Kazakh government abused this root certificate installed in millions of users browsers to intercept and decrypt HTTPS traffic users were making to 37 domains, such as such Facebook, Google, Twitter, Instagram, and YouTube.
Read more of this story at Slashdot.
Source:
https://yro.slashdot.org/story/19/08/21/1533225/apple-google-and-mozilla-block-kazakhstans-https-intercepting-certificate?utm_source=rss1.0mainlinkanon&utm_medium=feed