A blog covering security and security technology.
? Information-Age Law Enforcement Techniques | Main
China Now Blocking Encryption
The "Great Firewall of China" is now able to detect and block encryption:
A number of companies providing "virtual private network" (VPN) services to users in China say the new system is able to "learn, discover and block" the encrypted communications methods used by a number of different VPN systems.China Unicom, one of the biggest telecoms providers in the country, is now killing connections where a VPN is detected, according to one company with a number of users in China.
Posted on December 20, 2012 at 6:32 AM ? 11 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Hmmm. I wonder if they are able to tell the difference between a VPN service and a corporate VPN connection back to a home office. If not, going to make for some fun times in the IS departments of many multinational companies doing business in China.
@Dan
however much we expect/fear the death of freedom it doesn't meant an event - even in China - should go uncommented on.
Having said that I'm slightly surprised they blocked rather than broke.
@Brett: Recently, our corporate VPN that we're using to communicate with our Chinese partner has been blocked off regularly. We tried changing the port, but it kept on getting blocked off.
So I guess the answer is no, or at least not for the small companies.
Are there any VPNs that internally use steganography?
Whilst this has been expected for some time, there are numours solutions that could be used to get around the block as currently described.
However that is perhaps not the main point to consider...
Tthe assumption is that China is doing this to stop it's citizens seeing or communicating with entitiess the Communist Party has issue with.
However there may be a more serious issue from the point of businesses with entities in China. It may be a move designed to perform espionage by trying to force company secrets out into the open. Forcing companies off of VPN's is in the sshort term cause ad-hoc solutions that will in effect open up corporate firewalls thus also aiding in APT type activites.
Does this block https too?
I heard somewhere that China will regularly do man in the middle attacks on https connections. But if you can get the certificate, that would show.
Are they killing ssh/port 22?
If not, a simple work-around is to set up an encrypted tunnel over ssh. Not distinguishable from a vanilla ssh connection.
fuckgfw, reader from China
Interestingly, I've been to China last week and my VPN worked fine... so I'm not sure that it is already working.
Subscribe to comments on this entry
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
Source: http://www.schneier.com/blog/archives/2012/12/china_now_block.html
correspondents dinner 2012 white house correspondents dinner 2012 whcd 2012 nfl draft kevin durant jazz fest zurich classic
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.