Content filtering in Australia over SSL
I was just reading on the Whirlpool forums (Australian Broadband discussion) and I found something fairly interesting. Apparently the plans for an internet content filtering system in Australia at an ISP level are still going ahead under the guise of an "Adult content" blocker. The original reports said it would be an opt-out thing and that no one had to be a part of it.
Since then it has gone very wrong.
Apparently the content filtering is now going to also block illegal material, i.e. P2P, and that section will not be opt-out, and even more worrying is the fact that it also does filtering on HTTPS connections. Is it just me or does that mean that in terms of security there will be one giant weak point?
If all HTTPS data goes through one point decrypted (via man-in-the-middle attacks) then wouldn't that mean that all a malicious person would have to do is install some sort of packet logger on the ISP system? It may be fairly hard; however, the benefits to the criminal that does so would be immense. As all bank transactions, authentication, and transaction history are sent over HTTPS (when doing internet banking), any wiretap on the system would mean that all bank info for anyone banking whilst the wiretap is in use would be recorded and then most likely sold to the highest bidder.
It's possible that I've got this all wrong somehow (and I hope I have) and that all this is some giant mistake on my part, but if it isn't then what the hell are the government here doing? Anyway, my facts are based on a report written for the Communications Minister that you can find in Google.
PS. Sorry for being a bit formal but I got a bit worked up about this and I want someone else's input.
PSS. I wanted to post the link to the report but anti-spam stopped me.
PSSS. Now that that post sent me over the anti-spam limit I can post the link: Here
t0
You can do this, but you need the private key off the server. Which means to implement this, you would need the private key off every server on the internet. Doesn't seem likely.
> You can do this, but you need the private key off the server. Which means to implement this, you would need the private key off every server on the internet. Doesn't seem likely.
Unfortunately no, SSL can be broken via a man-in-the-middle attack.
The Wikipedia page on man-in-the-middle attacks
EDIT: A man-in-the-middle attack would mean that the data would be encrypted with the content filtering public key. It would then be sent to the filtering system, decrypted, and then re-encrypted with the server's public key and then sent back along.
All the data would be encrypted, but also decrypted on the content filtering system.
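The exchange described in the post above, modelled as an added example that is not part of the original thread: a client, a filtering system and a server with toy RSA keys, showing that the filter sees the plaintext and that a client comparing the presented key against a pinned fingerprint notices the substitution. The tiny keys, the names `SERVER`, `FILTER`, `PINNED` and `send`, and encrypting the message directly under a public key are simplifying assumptions; real TLS negotiates session keys and validates a certificate chain.

```python
import hashlib

def make_key(p, q, e=17):
    """Toy RSA key pair from two small primes (constructed; not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

def rsa(key, value):
    """Textbook RSA: the same operation encrypts (pub) and decrypts (priv)."""
    n, exp = key
    return pow(value, exp, n)

def fingerprint(pub):
    """Short SHA-256 fingerprint of a public key, as a pin would store it."""
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]

SERVER = make_key(61, 53)            # hypothetical bank server
FILTER = make_key(89, 97)            # hypothetical ISP filtering system
PINNED = fingerprint(SERVER["pub"])  # assumed to be learned out of band

def send(secret, filtered, enforce_pin):
    """Send `secret` to the server, optionally through the filter.

    Returns (what_server_received, what_filter_saw, pin_ok).
    """
    presented = FILTER["pub"] if filtered else SERVER["pub"]
    pin_ok = fingerprint(presented) == PINNED
    if enforce_pin and not pin_ok:
        return None, None, pin_ok          # client aborts before sending
    wire = rsa(presented, secret)          # client encrypts to presented key
    seen = None
    if filtered:
        seen = rsa(FILTER["priv"], wire)   # filter decrypts: plaintext exposed
        wire = rsa(SERVER["pub"], seen)    # re-encrypts for the real server
    return rsa(SERVER["priv"], wire), seen, pin_ok

if __name__ == "__main__":
    for filtered in (False, True):
        for enforce in (False, True):
            print(f"filtered={filtered} enforce_pin={enforce}:",
                  send(1234, filtered, enforce))
```

Without the pin check the filtered path delivers the message intact while the filter holds a copy of the plaintext; with the check the client stops before anything is sent.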