Beware;
Internet users in Thailand have been hit by a massive man-in-the-middle attack aimed grabbing email login credentials from fake SMTP servers.
The attack has been verified on Google’s and Yahoo’s email servers and on two of the country’s largest fixed-line ISPs, though preliminary analysis suggest that all SMTP servers are targeted.
The STRIPTLS attack as it has become known works by inserting a man-in-the-middle at the ISPs. This is done via a transparent proxy.
Normally a client connecting to smtp.gmail.com on port 25 would be elevated to use STARTTLS encryption before authentication with username or password is passed and before the actual email message is sent.
However, accessing smtp.gmail.com from within Thailand results in a connection to a fake server that says it does not support STARTTLS encryption. If the email client proceeds any email sent is sent unencrypted through the man-in-the-middle but more importantly so are email login credentials.
The perpetrator would have a huge collection of usernames and passwords to email accounts through this attack as well as the actual messages.
Setting the email client to explicitly use TLS connecting on ports 465 or 587 is still safe and communication remains encrypted. Only clients that are set to use encryption if available connecting on the default SMTP port would fall foul of the attack.
Google, Yahoo SMTP email severs hit in Thailand
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
Google, Yahoo SMTP email severs hit in Thailand
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
another update;
http://www.telecomasia.net/content/amaz ... rveillanceThailand’s junta leader and Prime Minister Prayuth Chanocha has vowed to use technology to crack down on suspected anti-royalist networks. In his policy speech to his hand-picked national legislative assembly Prayuth said, "We will use legal measures, social-psychological measures, and telecommunications and information technology to deal with those who are not mindful of their words, are arrogant at heart, or harbor ill intentions to undermine the important Institution of the nation.”
Soon afterwards, Thailand’s internet has suffered major slowdowns which hints of extra filtering installed at state-owned telco CAT Telecom’s IIG.
A network engineer at a dot com operating in Bangkok said that access to Amazon EC2 servers via CAT’s IIG was slow and intermittent while Digital Ocean remained unaffected. Reverse traceroute analysis from the various servers pinpointed the problem on the CAT network on the inbound side.
The engineer, speaking on condition of anonymity, said that it could be the rumored new censorship equipment being installed, or just another normal day of incompetent operations at the state-owned telco.
He was reluctant to pin it down on mass surveillance and noted that packets were routed differently. EC2 Singapore packets were routed from Equinix -> CAT- > True while Digital Ocean Singapore was routed SGIX -> True IIG -> True.
Amazon EC2 US servers were also affected, suggesting that the filtering is targeting EC2 hosted sites in particular.
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
- spitthedog
- Is the World Outside still there ?
- Reactions: 126
- Posts: 5724
- Joined: Mon Feb 17, 2014 10:19 pm
How would you know if your login connection was suspect then?
If you always see the HTTPS in your browser on login it is secure or..???
If you always see the HTTPS in your browser on login it is secure or..???
"I don't care what the people are thinking, i ain't drunk i'm just drinking"
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
dup
Last edited by Phuket2006 on Thu Sep 18, 2014 11:20 am, edited 1 time in total.
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
Juts keeps getting better
Thailand’s military junta extends censorship with mass online surveillance
Thailand’s ruling military junta is further tightening its grip on the public discourse by heightening its censorship measures, going as far as reportedly implementing widespread surveillance of Thai online users, mainly to crush criticism at the military government and in a self-proclaimed crusade to crack down on anything that is deemed insulting to the royal institution also known as lèse majesté.
http://asiancorrespondent.com/126733/th ... veillance/
Thailand’s military junta extends censorship with mass online surveillance
Thailand’s ruling military junta is further tightening its grip on the public discourse by heightening its censorship measures, going as far as reportedly implementing widespread surveillance of Thai online users, mainly to crush criticism at the military government and in a self-proclaimed crusade to crack down on anything that is deemed insulting to the royal institution also known as lèse majesté.
http://asiancorrespondent.com/126733/th ... veillance/
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
In LOS at moment, when I try to check my Yahoo mail I get this.
Cycle Prohibited
Description: Could not process your request for the document because it would cause an HTTP proxy cycle. Please check the URL and your browser's proxy settings.
WTF? I'm no expert!
Have not been able to open the UK Daily Mail online for months!
Cycle Prohibited
Description: Could not process your request for the document because it would cause an HTTP proxy cycle. Please check the URL and your browser's proxy settings.
WTF? I'm no expert!
Have not been able to open the UK Daily Mail online for months!
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
just checked my yahoo, no problem.
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
- Jacked Camry
- Is the World Outside still there ?
- Reactions: 2
- Posts: 5674
- Joined: Sun Jul 24, 2005 2:53 pm
I got back to Thailand yesterday - it's VERY noticeable how much more lag there is whenever you try to access any webpage, and there is a several second lag any time you want to try to post something on a forum of any sort. To me it's obvious that the government here is inserting itself in-between the users and the ISP to snoop on online activity, with the net result of the whole thing bogging down. All I need is confirmation from above that "Thailand is not eavesdropping on the internet" to know that they absolutely and positively are. Just another nail in the coffin...
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
past week slow down on all traffic an its mentioned on the Thia blog boards that i am a member of
Big careful
Big brother is not only watching but reading
Big careful
Big brother is not only watching but reading
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
- Jacked Camry
- Is the World Outside still there ?
- Reactions: 2
- Posts: 5674
- Joined: Sun Jul 24, 2005 2:53 pm
I guess I should ask you now whether you're pleased with the way things have transpired as one of the big supporters of the coup? Actually, I guess I SHOULDN'T!Phuket2006 wrote:past week slow down on all traffic an its mentioned on the Thia blog boards that i am a member of
Big careful
Big brother is not only watching but reading
Keep your head down, the revolution always eats its own.
- Phuket2006
- The Internet is my Friend
- Reactions: 101
- Posts: 6993
- Joined: Fri Jan 05, 2007 7:00 am
seriously< i have very mixed feelings nowJacked Camry wrote:I guess I should ask you now whether you're pleased with the way things have transpired as one of the big supporters of the coup? Actually, I guess I SHOULDN'T!Phuket2006 wrote:past week slow down on all traffic an its mentioned on the Thia blog boards that i am a member of
Big careful
Big brother is not only watching but reading
Keep your head down, the revolution always eats its own.
they have done wonders down here BUT as usual with Coups an Military occupation, its going to their heads,
"Power tends to corrupt, and absolute power corrupts absolutely "
"We are turning into a nation of whimpering slaves to Fear—fear of war, fear of poverty, fear of random terrorism, or suddenly getting locked up in a military detention camp on vague charges of being a Terrorist sympathizer." HST
I use a VPN.
Quite often I have found the speed using a VPN to be faster than a direct internet connection.
Tried and tested in many places, Luxembourg, Bangkok, Egypt...
Interestingly when i was in Bangkok last month I was unable to access my (own domain) webmail directly in a browser as it constantly said that my IP address had changed. Accessing it using a VPN worked no problem.
@
Quite often I have found the speed using a VPN to be faster than a direct internet connection.
Tried and tested in many places, Luxembourg, Bangkok, Egypt...
Interestingly when i was in Bangkok last month I was unable to access my (own domain) webmail directly in a browser as it constantly said that my IP address had changed. Accessing it using a VPN worked no problem.
@
-
- Similar Topics
- Replies
- Views
- Last post
-
-
Copy documents to PDF and email to me.
by scoffer » Tue Oct 22, 2019 4:00 pm » in Cambodia Speakeasy - 38 Replies
- 6458 Views
-
Last post by Gaggy Bravy
Fri Oct 25, 2019 1:44 pm
-
-
- 8 Replies
- 1081 Views
-
Last post by nerdlinger
Fri Feb 10, 2023 10:48 am
-
- 12 Replies
- 3518 Views
-
Last post by violet
Tue Jul 13, 2021 4:15 pm
-
-
Google Chromecast - or simular product
by scoffer » Tue Jul 13, 2021 3:01 pm » in The IT and Techy Forum - 11 Replies
- 2638 Views
-
Last post by rektj00
Sat Mar 19, 2022 6:55 pm
-