Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

mike805 (mike805@fosstodon.org)'s status on Thursday, 21-Sep-2023 06:44:25 JST mike805
in reply to
- Chuso Pérez
@chuso Is there any way to blacklist that cert in a browser? If not then TLS is quite useless.

In conversation about a year ago from fosstodon.org permalink
- Disinformation Purveyor :verified_think: likes this.
- Chuso Pérez (chuso@fosstodon.org)'s status on Thursday, 21-Sep-2023 06:44:27 JST Chuso Pérez
  in reply to
  
  @mike805 Well, if you see the screenshot, I was using OpenSSL for the checks. There is no AdBlock for OpenSSL 😄
  But it seems this Allot certificate is typically found when ISPs need to MITM your connection to enforce some blocks from court orders or similar: https://fosstodon.org/@chuso/111098873754183761
  Now I wonder what they needed to block in one specific Periscope server.
  In conversation about a year ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    Chuso Pérez (@chuso@fosstodon.org)
    
    from Chuso Pérez
    
    OK, so a Google search for the certificate OU shows that this typically happens when some national authority wants to block some website: https://www.google.com/search?q=%22C%20%3D%20ES%2C%20ST%20%3D%20Madrid%2C%20L%20%3D%20Madrid%2C%20O%20%3D%20Allot%2C%20OU%20%3D%20Allot%22 I don't know why would anyone want to block a Periscope server (and only one).
- Chuso Pérez (chuso@fosstodon.org)'s status on Thursday, 21-Sep-2023 06:44:28 JST Chuso Pérez
  in reply to
  
  I know there are various reasons why you may end up connecting to different hosts when you access the same IP address from different locations, but I find it suspicious that from home I get a certificate issued from Allot to Allot for 10 years.
  
  In conversation about a year ago permalink
- mike805 (mike805@fosstodon.org)'s status on Thursday, 21-Sep-2023 06:44:28 JST mike805
  in reply to
  - Chuso Pérez
  @chuso Yes that sounds like an MITM, what is the root cert for that? Are you sure it is not security or adblocking software on your own machine? Some security software generates certs on the fly to MITM, with its own root cert on your machine. They should not be able to get arbitrary certs like that, and if they can do that with a public root cert, someone messed up.
  
  In conversation about a year ago permalink
- Chuso Pérez (chuso@fosstodon.org)'s status on Thursday, 21-Sep-2023 06:44:29 JST Chuso Pérez
  
  I'm getting a warning when I try to access https://prod-ec-us-east-1.video.pscp.tv about an untrusted certificate valid for 10 years issued by Allot to Allot, which seems to be an Israeli company that does DPI among other things.
  When I try to access the same domain name from one of my VPSs, I get a 1-year valid certificate issued by DigiCert to Twitter (which is the real owner of the domain name).
  From both places, the domain name resolves to the same IP address.
  Am I being MITMed by my ISP??
  #Infosec #DPI
  In conversation about a year ago permalink
  Attachments

Public

Conversation

Notices

Feeds