After Being Unblocked in China, Github Suffers Attack on Site’s HTTPS Certificate


Chrome browser detects that something is wrong with Github’s security certificate.

After the social coding site Github got blocked and then unblocked in China last week, there was a new scare for its users over the weekend. For a few hours, Github visitors based in China, according to the GreatFire blog, “suffered a man in the middle attack” whereby the site’s proper HTTPS security certificate was replaced by a dubious, self-signed one. It’s not clear who perpetrated it. Visitors were greeted by the warning pictured above.

The blog warns that this kind of presumed attack “signifies HTTPS might no longer be safe in China.”

See the full technical details and discussion on Ycombinator.

(Image via @GreatFireChina on Twitter)