Warning To All Internet Users In Thailand

[manarak]

2 hours ago, ukrules said:

That's not what happened here, of course it's possible to do but not likely to be done in a widespread public manner as you can't hide it.

 

If that did happen then people who look at certificates would notice the CA change, the only way to do it would be to have a friendly CA issue a certificate, this would compromise the CA. This has happened before and the consequences are severe.

 

When something like this is noticed it would be reported, my bet is that this would be noticed almost immediately, probably by google themselves, a browser update would happen and the CA would be removed from the included list of valid Certificate Authorities and that would be the end of the matter with the CA going out of business and all trust revoked worldwide.

okay... I'm not pretending that this happened here!

it was a scenario of what's possible. and in my scenario, the requests to the CA are redirected to a fake CA which will verify the fake certificates.

yes, the browser should notify of a change of certificate, however that is not always the case with trusted CA.

 

[RedCardinal]

17 hours ago, manarak said:

Could you please explain how the https protocol protects a client whose traffic on all ports is redirected (fake DNS) to prepared fake website(s) that will spoof the domainname and serve fake certificates with fake certificate authority to the client?

It's called "Trusted CA" for a reason, and browser vendors will remove CAs if they no longer trust them, e.g. what's currently happening to Symantec. 

 

 

It's not just the HTTPS protocol that is protecting users, it's the browsers and clients that implement those protocols.  Bad actors might get away temporarily with a MITM attack, but they will be shut down very quickly due to the systems and checks in place to detect such behaviour.   

 

[lexilis]

I don't know about the rest of you but it is Tuesday and I am still having these problems. Most websites will not connect. And since this morning my VPN (connecting through Singapore) will not function.

[johng]

Its just you !

[Jai Dee]

58 minutes ago, lexilis said:

I don't know about the rest of you but it is Tuesday and I am still having these problems. Most websites will not connect. And since this morning my VPN (connecting through Singapore) will not function.

No other Chiang Mai residents are complaining.

 

Suggest you call your ISP directly.

[topt]

33 minutes ago, Jai Dee said:

No other Chiang Mai residents are complaining.

 

Suggest you call your ISP directly.

I don't know if linked but 103FM in Pattaya have been complaining all weekend and still this morning that they still have no internet via 3BB - causing them all sorts of hardships. So not just poor or redirected but zero access.

[revelstone]

On the 6th of May, AIS had a problem with one of their routers on the Singapore link (I don't know about 3BB, but perhaps they were sharing the infrastructure that had the problem). This router was dropping over 60% of packets and responding with a ping time in excess of 550ms (usual ping time is an order of magnitude lower, around 40ms). This resulted in many websites being unavailable (for me, access to Google among others, was affected). It also affected most traffic going to destinations in Europe and the USA. 

 

Access via other routes was unaffected, so servers in Australia and in Japan, for example, were unaffected and could be accessed no problem. 

 

I reported this to this to their NOC at about 9pm Bangkok time when I noticed it. It was fixed about 2 hours later. I suspect this problem is the cause of some of the reports here. See the attached screendump showing the problem.

 

I also note references in this thread to a "man in the middle". It is standard practise for ISPs to optimize bandwidth usage by using Google's Global Cache service. This will result in things like Youtube videos and Google content being served from cache servers inside the ISPs network. There is nothing sinister in this as it is done regularly by ISPs all over the world and doesn't indicate any form of censorship or attempt to intercept traffic. Youtube and Google content is a very heavy consumer of bandwidth in Thailand, so it's natural to expect the ISPs to optimize it given the limited international bandwidth.