China la­bels Google se­cu­rity move un­ac­cept­able

The China Post - - GUIDE POST -

A Chi­nese cy­berspace bureau on Thurs­day de­nounced Google for de­cid­ing not to rec­og­nize the agency’s author­ity af­ter a Bei­jinglinked se­cu­rity breach, call­ing the U.S. In­ter­net gi­ant’s ac­tion “un­ac­cept­able and un­in­tel­li­gi­ble.”

The rep­ri­mand from the China In­ter­net Net­work In­for­ma­tion Cen­tre (CNNIC) came af­ter Google said the agency was im­pli­cated in an on­line se­cu­rity vul­ner­a­bil­ity and the firm was re­vok­ing its trust in its In­ter­net cer­tifi­cates.

“The de­ci­sion that Google has made is un­ac­cept­able and un­in­tel­li­gi­ble to CNNIC, and mean­while CNNIC sin­cerely urge that Google would take users’ rights and in­ter­ests into full con­sid­er­a­tion,” CNNIC said in a state­ment posted on its web­site.

The row marks the lat­est esca- la­tion of ten­sions be­tween Bei­jing and Google.

The Cal­i­for­nia-based tech firm with­drew from China in 2010 over cen­sor­ship is­sues, and the two have con­tin­ued to have a tur­bu­lent re­la­tion­ship, with Bei­jing mov­ing last year to fully block Google’s hugely popular Gmail ser­vice.

China op­er­ates the world’s most ex­ten­sive and so­phis­ti­cated In­ter­net cen­sor­ship sys­tem, known as the “Great Fire­wall.”

A Google se­cu­rity en­gi­neer wrote on the com­pany’s on­line se­cu­rity blog last week that CNNIC and a firm called MCS Hold­ings had been found to have is­sued “unau­tho­rized dig­i­tal cer­tifi­cates for sev­eral Google do­mains.”

The “mi­sis­sued cer­tifi­cates would be trusted by al­most all browsers and op­er­at­ing sys­tems,” he said, de­scrib­ing the re­sult­ing vul­ner­a­bil­ity as a “se­ri­ous breach” of the In­ter­net cer­tifi­cate author­ity sys­tem.

Mi­crosoft and Mozilla, owner of the popular Fire­fox Web browser, also an­nounced they were re­vok­ing trust in all MCS cer­tifi­cates.

The Google post­ing was up­dated Wed­nes­day to note that CNNIC’s cer­tifi­cates “will no longer be rec­og­nized in Google prod­ucts” adding that the Chi­nese or­ga­ni­za­tion was “wel­come ... to reap­ply once suit­able tech­ni­cal and pro­ce­dural con­trols are in place.”

An anti- cen­sor­ship group, — which has ac­cused Bei­jing of at­tack­ing its ser­vices — said the orig­i­nal rev­e­la­tion was ev­i­dence that CNNIC had been “com­plicit” in so-called man-in-the-mid­dle op­er­a­tions.

Such at­tacks in­volve an unau­tho­rized in­ter­me­di­ary in­sert­ing them­selves be­tween com­puter users and their on­line des­ti­na­tions, usu­ally un­de­tected, al­low­ing them to har­vest data in­clud­ing pass­words.

CNNIC has de­nied that it was di­rectly in­volved and said the in­ci­dent took place when MCS Hold­ings “im­prop­erly is­sued” cer­tifi­cates that were “only used for in­ter­nal tests in its lab­o­ra­tory, which is a pro­tected en­vi­ron­ment.”

China’s for­eign min­istry also dis­missed the ac­cu­sa­tions, with spokes­woman Hua Chun­y­ing telling re­porters that “all par­ties should aban­don ac­cus­ing each other with­out proof.”

Bei­jing fre­quently de­scribes it­self as a vic­tim of hack­ing.

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.