1
bearice OP Damn, the impact seems to be nationwide. I tested on nodes in Qingdao and Guangxi and found the same problem.
|
2
bearice OP You can test with the command
curl https://23.59.94.46 -vk -H'Host: www.icloud.com' -I
If the output contains
* Server certificate:
*   subject: C=cn; O=www.icloud.com; CN=www.icloud.com
*   start date: 2014-10-04 10:35:47 GMT
*   expire date: 2015-10-04 10:35:47 GMT
*   issuer: C=cn; O=www.icloud.com; CN=www.icloud.com
*   SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
then you have been hit.
|
3
casparchen 2014-10-18 09:55:21 +08:00
Server certificate:
*   subject: 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=California; businessCategory=Private Organization; serialNumber=C0806592; C=US; postalCode=95014; ST=California; L=Cupertino; street=1 Infinite Loop; O=Apple Inc.; OU=Internet Services for Akamai; CN=www.icloud.com
*   start date: 2014-04-16 00:00:00 GMT
*   expire date: 2016-04-16 23:59:59 GMT
*   issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 EV SSL CA - G3
*   SSL certificate verify ok.
|
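The check from posts 2 and 3, as an added example that is not part of the thread: it reads `curl -vk` output and flags a certificate whose issuer equals its subject or whose chain verification failed. The sample strings are constructed by abridging the output quoted in this thread, and the function and finding names are this example's own.

```python
import re

# Constructed samples: certificate lines abridged from the curl -vk output quoted in this thread.
FORGED = """\
* Server certificate:
*   subject: C=cn; O=www.icloud.com; CN=www.icloud.com
*   issuer: C=cn; O=www.icloud.com; CN=www.icloud.com
*   SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
"""
GENUINE = """\
* Server certificate:
*   subject: C=US; ST=California; L=Cupertino; O=Apple Inc.; OU=Internet Services for Akamai; CN=www.icloud.com
*   issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 EV SSL CA - G3
*   SSL certificate verify ok.
"""
STALLED = "* Rebuilt URL to: https://23.59.94.46/\n*   Trying 23.59.94.46...\n"

FIELD = re.compile(r"^\*\s+(subject|issuer):\s*(.+?)\s*$", re.M)
VERIFY = re.compile(r"^\*\s+SSL certificate verify (ok|result: (.+?))\.?\s*$", re.M)


def parse_dn(dn):
    """Turn 'C=cn; O=x; CN=y' into a case-insensitive tuple of (attribute, value) pairs."""
    pairs = (part.split("=", 1) for part in dn.split(";") if "=" in part)
    return tuple((k.strip().lower(), v.strip().lower()) for k, v in pairs)


def inspect_curl_output(text, host="www.icloud.com"):
    """Return a list of findings; an empty list means the certificate looked legitimate."""
    dns = {m.group(1): parse_dn(m.group(2)) for m in FIELD.finditer(text)}
    if "subject" not in dns or "issuer" not in dns:
        return ["no-certificate-seen"]        # handshake never completed, nothing to judge
    findings = []
    if dns["subject"] == dns["issuer"]:
        findings.append("self-signed")        # issuer equals subject, as in the forged cert
    if ("cn", host.lower()) not in dns["subject"]:
        findings.append("name-mismatch")
    verify = VERIFY.search(text)
    if verify is None:
        findings.append("verify-result-missing")
    elif verify.group(1) != "ok":
        # -k makes curl continue after a failed chain check, so read its verdict explicitly
        findings.append("verify-failed: " + verify.group(2))
    return findings


if __name__ == "__main__":
    for label, sample in (("forged", FORGED), ("genuine", GENUINE), ("stalled", STALLED)):
        print(label, inspect_curl_output(sample))
```

The forged certificate carries the correct CN, so a name comparison alone does not catch it; the self-signed and verify-failed findings do.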
4
Showfom 2014-10-18 10:02:36 +08:00 via iPhone
Damn, isn't this just disgusting? Doesn't it mean Unicom can simply take the private data on our phones and look at it?
|
5
Showfom 2014-10-18 10:03:41 +08:00 via iPhone
Tested on China Mobile 4G with no problem. Looks like I'll have to be careful when going online through Unicom from now on.
|
7
qiuai 2014-10-18 10:48:01 +08:00
Shandong Unicom is normal?
|
8
mtglichking 2014-10-18 11:00:20 +08:00 via iPhone
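Unicom 3G is also fine.
Actually, Apple shouldn't be getting man-in-the-middle attacked... Apple has a pretty good relationship with the Chinese government, better than Microsoft's these days.
|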
9
binghe 2014-10-18 11:35:49 +08:00
Is there a command to test this on Windows?
|
10
BinbinWang 2014-10-18 12:43:42 +08:00
* About to connect() to 23.59.94.46 port 443 (#0)
*   Trying 23.59.94.46...
* connected
* Connected to 23.59.94.46 (23.59.94.46) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*   subject: C=cn; O=www.icloud.com; CN=www.icloud.com
*   start date: 2014-10-04 10:35:47 GMT
*   expire date: 2015-10-04 10:35:47 GMT
*   issuer: C=cn; O=www.icloud.com; CN=www.icloud.com
*   SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD / HTTP/1.1
> User-Agent: curl/7.26.0
> Accept: */*
> Host: www.icloud.com
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache
Server: Apache
< Last-Modified: Tue, 16 Sep 2014 16:32:33 GMT
Last-Modified: Tue, 16 Sep 2014 16:32:33 GMT
< ETag: "5d35-503314c5d0a40"
ETag: "5d35-503314c5d0a40"
< Cache-Control: no-cache, no-store, private
Cache-Control: no-cache, no-store, private
< Expires: Sat, 18 Oct 2014 04:42:19 GMT
Expires: Sat, 18 Oct 2014 04:42:19 GMT
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-UA-Compatible: IE=Edge
X-UA-Compatible: IE=Edge
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Content-Language: en-us
Content-Language: en-us
< Date: Sat, 18 Oct 2014 04:42:19 GMT
Date: Sat, 18 Oct 2014 04:42:19 GMT
< Connection: keep-alive
Connection: keep-alive
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
|
11
hjc4869 2014-10-18 12:46:55 +08:00
Opens normally on Wuhan Telecom.
|
12
virusdefender 2014-10-18 13:08:54 +08:00
On Qingdao Unicom, curl does show it, and it's fine once I'm on a VPN. But the browser gives no warning when I open the site.
|
13
bearice OP @virusdefender Because the address your DNS resolves to isn't necessarily this one.
|
14
yfdyh000 2014-10-18 13:36:36 +08:00
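Just visit https://23.59.94.46/ directly and check whether the certificate is self-signed. Reproduced on Beijing Unicom.
However, according to the test at http://alibench.com/rp/f5ea0ba25cbe95600d7cfb57aa4d47f2 , it seems that only one location's DNS returns this IP: Guangdong, Zhongshan, Telecom, 0ms, 23.59.94.46 [ United States ]; none of the other 98 do.
|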
15
wyf88 2014-10-18 17:50:49 +08:00
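This kind of problem is getting more and more common... Does it mean that from now on we'll have to run a global VPN or proxy for foreign websites?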
|
16
siyanmao 2014-10-18 19:27:01 +08:00
Confirmed on Shenzhen Telecom: 23.59.94.46 is being man-in-the-middled
$ mtr -T --port 443 -n 23.59.94.46
                          My traceroute  [v0.85]
siyanmao-k29 (0.0.0.0)                       Sat Oct 18 19:26:07 2014
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                  Packets               Pings
 Host                           Loss%   Snt   Last    Avg   Best   Wrst  StDev
 1. 192.168.1.1                  0.0%    17    0.6    0.7    0.6    0.8    0.0
 2. ------------                 0.0%    16    2.8    2.6    1.7    3.3    0.3
 3. -------------                0.0%    16    2.0    2.2    1.4    4.0    0.4
 4. ???
 5. 119.145.47.78                0.0%    16    6.4    7.7    4.3   27.0    5.2
    183.56.65.54
    183.56.65.50
    119.145.47.74
    121.34.242.250
    121.34.242.138
 6. 23.59.94.46                 25.0%    16  168.5  171.4  166.8  201.3    9.4
|
17
zola 2014-10-19 09:00:35 +08:00
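On the two iCloud servers https://23.48.140.239 and https://23.13.186.46 for iCloud.com, the certificate has not been replaced.
But when accessing https://23.59.94.46/ directly, the certificate is not replaced from Taiwan; after switching to a Suzhou Unicom VPN, the certificate is replaced with a self-signed one. This means the iCloud server is being hijacked in China by an SSL man-in-the-middle, and the privacy of Apple users in China is not safe.
|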
18
zola 2014-10-19 09:02:51 +08:00
|
19
icylord 2014-10-19 14:21:56 +08:00
curl https://23.59.94.46 -vk -H'Host: www.icloud.com' -I
* Rebuilt URL to: https://23.59.94.46/
* Hostname was NOT found in DNS cache
*   Trying 23.59.94.46...
What's going on here? Shenzhen Unicom
|
20
gfgrgerg 2014-10-19 18:20:08 +08:00
Southern Telecom returns 60.254.134.46, no problem
|
21
JerryHou 2014-10-19 21:10:11 +08:00
Tianjin Telecom returns IP 23.36.99.167, no problem...
|
22
chenshaoju 2014-10-19 21:38:43 +08:00
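I just took a look; some lines in Heilongjiang, Jilin, Shanghai and elsewhere are also being hijacked.
My guess is that DNS TTL is being used for round-robin, so the problem shows up when it happens to be this IP's turn.
|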
23
hhp 2014-10-20 08:46:38 +08:00 via iPhone
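Are phones affected? It feels like my most recent reflash and restore from backup made me enter my password several times... Does turning on two-step verification do anything against this?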
|
24
zola 2014-10-21 20:58:16 +08:00
After coverage by BLOGGER, freebuf, solidot, mashable, people.com.cn, dw.de and other sites, the man-in-the-middle hijacking on 23.59.94.46 seems to have stopped for now.
http://www.zhoushuguang.com/2014/10/icloud-ssl-attack.html
http://www.freebuf.com/news/47744.html
http://www.solidot.org/story?sid=41521
http://blog.zuola.com/2014/10/icloud-face-man-in-the-middle-attack-in-china.htm
http://mashable.com/2014/10/20/china-attacks-apple-microsoft/
http://it.people.com.cn/n/2014/1021/c1009-25874921.html
http://www.dw.de/a-18009603?maca=chi-rss-chi-all-1127-rdf
|
25
zola 2014-10-22 20:26:56 +08:00
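The Wall Street Journal: Apple's iCloud service in mainland China comes under attack http://cn.wsj.com/gb/20141022/tec071917.asp
Apple's official statement on the man-in-the-middle attack in China: "Latest news from Apple about iCloud.com security" http://support.apple.com/kb/HT6550?viewlocale=zh_CN&locale=en_US
|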
26
webiis 2014-10-23 11:22:41 +08:00
Apple iCloud hit by SSL man-in-the-middle hijacking: how can users guard against privacy leaks? http://www.wosign.com/news/icloud-ssl.html
|