by dasm 2774 days ago
Agreed. This appears to be a repeat of the attack covered here: https://news.ycombinator.com/item?id=18385920

I'm not familiar with BGP routing attacks; the article above seems to imply the attacker needs to compromise certs in order to glean useful data from the attack.

If that's accurate, is this Google-oriented traffic vulnerable to this type of attack?

1 comments

For Google traffic, assuming certificate pinning is in place, I can't see this being that successful.

However, for more general traffic, well, look at the trusted root list in your browser/OS. Realise that every single one of those trusted roots can issue certificates for a given domain...

Thanks. Since it appears all this traffic is Google-related, any guesses as to what the attacker could have gained here?

This could just be a mistake of course, malicious intent isn't needed :)

Off the top of my head, assuming malicious intent, well, not all browsers (especially older ones) do certificate pinning, so perhaps then Chinese users of Google services using old browsers would find their traffic being intercepted?

Past that the leakage would seem fairly minor, a list of source IP addresses and destination hosts.