[LINK] All your internets are belong to us

Martin Barry marty at supine.com
Tue Nov 23 22:11:06 AEDT 2010


$quoted_author = "Karl Auer" ;
> 
> Key words "unprotected communications". Anyone using encryption would
> have had no problem at all. Well, non-delivery maybe, but not the wrong
> people reading it, and not "manipulation".

If I can take my tin-foil hat out and try it on for a minute:

- this is one of the few instances where the network leaking routes could
  handle the traffic directed at it. Usually the offending network just
  performs a DoS on itself.

- existing sessions could have, and appear to have, kept working during the
  leak. Unencrypted traffic transmitted during this time is obviously
  vulnerable.

- HTTPS is usually assumed to be trustworthy due to the certificate chains
  used by browsers to check the server's certificate. MITM attacks require
  the attacker to control one of these certificate chains.

- China Internet Network Information Centre has one of those trusted root
  certificates.


Taking the tin-foil hat off:

- there is no evidence that any data was captured during the leak

- there is no evidence that the leak was anything other than a configuration
  error


cheers
Marty


