
Forget the Russians - don't tell our lot!
Kazakhstan may be about to intercept and decrypt its citizens' internet traffic – by ordering them to install rogue security certificates. On Monday, the nation's dominant telco Kazakhtelecom JSC said it and other operators are "obliged" by law to crack open people's HTTPS connections, and that this surveillance will begin …
I'm pretty sure the Russians, as well as GCHQ, NSA and the rest of them, have thought about this one long ago. Heck, they've probably got draft proposals sitting in a drawer somewhere.
But they've all rejected it as either too blatant, or just plain unnecessary. GCHQ, I know, don't give a damn about HTTPS - it's no obstacle to snooping, and they're not interested in censorship, so it doesn't concern them.
(The Home Office now, that's a different story. They'd be interested in the censorship angle, if they understood it. But fortunately all that expertise is closeted away in GCHQ, who are quite happy with their "unlimited spying" remit and don't want to draw unnecessary attention by getting involved with anything higher-profile than that.)
Having actually been on holiday to Kazakhstan, I can confirm that it is the origin country of THE APPLE
(no, the fruit, not the expensive shiny stuff) with DNA traced all the way back to the eastern Tien Shan mountains.
Oh, the .KZ might just be on the lookout for a colorful revolution or two, depends with these oily states, sometimes president for life gets 'spontaneously' sidelined & I'm sure they have a large Жүйесі жедел-iздестiру iс-шаралары / Система Оперативно-Розыскных Мероприятий / PRISM full-take already in place.
It's the only place I've been where I went through full Airport security-theatre body scanning AFTER landing, I think they were after taxable items/special devices, or apples?
Not news, spies are already doing it to people's handsets and computer kernel.
Turks-Trust, Equifax (NSA), MasterCard & Visa, Root Government CA.
What makes it news is when people figure it out and hover a button over those Certificates and then press Delete, removing their back-door whilst utilising an alternative.
So-called leaders and politicians still don't understand encryption: anything that protects information from prying thieving butt-holes like them must be banned because it makes stealing all that technical stuff so much more difficult.
As for Russia, those Baikal chips are named after a Lake.. So...
(B)Lake encryption algorithm for the Win!
"but then press Delete removing their back-door whilst utilising an alternative."
Most OSes & browsers automagically reinsert the full caboodle of untrustworthy trust anchors
(CA/Browser forum is another not quite transparent bunch), showing some signs of improving.
I have a hardened Windows server at home that surprisingly only has a handful of CAs; now I wonder why that is, Micro$oft?
"We believe that by ordering people to install the certs on their machines and handhelds, Kazakhstan will be the first country to resort to such measures."
Hmm... This is probably the first country to admit it. I'm not sure why any country would admit such a thing unless there is something political to gain by announcing it.
Chances are, there's a South Korean CA in your Windows box right now. They were added in 2012:
http://social.technet.microsoft.com/wiki/contents/articles/9964.windows-root-certificate-program-members-april-2012.aspx
I guess the news here is that Kazakhstan couldn't persuade Microsoft to include it in a Windows update.
*Edit, I just had a look and I can't find any national government CAs in the cert store on this Win10 machine. There is an AOL code signing cert though, so now I feel really safe.
Looks more like they are the first country to ask their residents to manually install the "trusted" certificate.
TÜRKTRUST is still trusted by most browsers/OSes (iOS 9 for example), even if they have been caught red-handed producing "by mistake" (coincidentally during a strong protest period) a *.google.com certificate via an EGO.GOV.TR certificate.
When we know the unlimited love for freedom and privacy displayed by the Erdogan government, the mistake looks very opportunistic (and was only detected thanks to Google's certificate transparency project). I'm curious how many other erroneous certificates are lying around Turkey.