https://www.techdirt.com/articles/20...-attacks.shtml
Quote:
Back in September, we reported on the Chinese authorities using man-in-the-middle attacks to spy on citizens who carry out Google searches over encrypted connections. That's done by using a fake security certificate to redirect traffic to a server where the traffic is decrypted, analyzed, and blocked if necessary. A new post on the Greatfire.org Web site points out that this approach can only work if the user's computer trusts the certificate's issuing authority, in this case the China Internet Network Information Center, and that it's curious that browsers from the West do so quite so readily.
The fix is simple enough (for those outside of China, where doing this would likely be illegal): revoke the certificate yourself.
In Firefox: Edit -> Preferences -> Advanced -> Certificates -> View Certificates -> CNNIC and China * -> Edit Trust... -> Disable all
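An added example, not part of the original post: the same check applied to the CA store that Python's `ssl` module loads, which is separate from the Firefox store edited by the menu path above. It lists trusted CA certificates whose subject or issuer mentions the names from the post; the `SAMPLE` entries are constructed for illustration and the function names are hypothetical.

```python
import ssl

# Name fragments taken from the post ("CNNIC", "China Internet Network Information Center").
NEEDLES = ("cnnic", "china internet network information center")

def name_pairs(rdns):
    """Flatten the nested RDN tuples used by SSLContext.get_ca_certs()."""
    return [(key, value) for rdn in rdns for key, value in rdn]

def matching_roots(ca_certs, needles=NEEDLES):
    """Summarise CA certs whose subject or issuer mentions any needle."""
    hits = []
    for cert in ca_certs:
        subject = name_pairs(cert.get("subject", ()))
        issuer = name_pairs(cert.get("issuer", ()))
        haystack = " ".join(v for _, v in subject + issuer).lower()
        if any(needle in haystack for needle in needles):
            hits.append({
                "subject_cn": dict(subject).get("commonName", ""),
                "issuer_org": dict(issuer).get("organizationName", ""),
                "self_signed": subject == issuer,  # root vs. cross-signed/intermediate
                "not_after": cert.get("notAfter", ""),
            })
    return hits

def _name(org, cn):
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed sample in the shape get_ca_certs() returns (not real certificates).
SAMPLE = [
    {"subject": _name("CNNIC", "Constructed CNNIC Root"),
     "issuer": _name("CNNIC", "Constructed CNNIC Root"),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
    {"subject": _name("Example Trust Services", "Example Root CA"),
     "issuer": _name("Example Trust Services", "Example Root CA"),
     "notAfter": "Jan  1 00:00:00 2031 GMT"},
    {"subject": _name("Example Intermediate Ltd", "Example Issuing CA"),
     "issuer": _name("China Internet Network Information Center", "Constructed Root"),
     "notAfter": "Jan  1 00:00:00 2029 GMT"},
]

if __name__ == "__main__":
    # Certificates found only via a hashed CA directory are loaded lazily and
    # may not appear here; a CA bundle file is listed in full.
    store = ssl.create_default_context().get_ca_certs()
    for hit in matching_roots(store) or matching_roots(SAMPLE):
        print(hit)
```

An empty result for the live store means only that this store holds no matching entry; Firefox keeps its own trust settings and has to be checked through its certificate manager.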