Facebook's login system is being hijacked by China's Great Firewall
-
Facebook's login system is being hijacked by China's Great Firewall
For the last three days, China's Great Firewall has been intercepting the Javascript module from Facebook Login, which allows third-party sites to authorize users through Facebook infrastructure. First reported on Sunday, the attack causes sites using Facebook Login to redirect to a third-party page for many web users in China. "This behavior is occurring locally and beyond the reach of our servers," a Facebook spokesperson told The Verge. "We are investigating the situation."
-
Facebook?
-
I'm lost, isn't this javascript transmitted over SSL? I'm guessing not, but then the question is why not?
-
@Dashrender said:
I'm lost, isn't this javascript transmitted over SSL? I'm guessing not, but then the question is why not?
SSL is not allowed in China without a license for it. Even if you use it anyway, my understanding is that it is proxied and intercepted so it doesn't matter. But technically you are not even allowed to use SSL (SSL is a form of VPN which is a controlled access thing in China.)
This is basically a huge scale Lenovo issue and has been pointed to as to why it is considered acceptable by some people for why Lenovo attempted something similar - because they are so used to this type of thing in China that hijacking SSL security seemed natural while in the west it is unthinkable.
