Later On

A blog written for those whose interests more or less match mine.

China clamps down to keep citizens isolated from the world


No wonder China supports North Korea, the world’s most hermetically sealed nation. From ycombinator:

GitHub hit by DDoS attack

This article [0] summarizes what happened. It is, however, in Chinese. So let me put a simple summary here:

Baidu has Baidu Analytics, a service similar to Google Analytics. In short, a website includes a JavaScript file from Baidu and Baidu will report some basic analytics to the site manager, like how many visitors per day, how much time they spent on average per page, etc.

Someone in the middle between a client outside China and Baidu, allegedly it should be the Great Firewall, changed the JavaScript file from Baidu and added some code so that any client executing the JavaScript file will periodically access https://github.com/greatfire/ and https://github.com/cn-nytimes/. This means any user who is accessing a site using Baidu Analytics will be an attacker to GitHub.

Here is a simple solution: Block any JavaScript from Baidu if you do not use it. For Chrome users, add the pattern [*.]baidu.com. See here [1].

Edit 1: Added a solution.

Edit 2: Format.

Edit 3: Oh, it’s not only Baidu Analytics. Baidu Ads’ JavaScript is also being hijacked and changed [2]. Imagine that all sites containing Google Ads use their visitors as attackers to attack GitHub. Now it is literally what is happening to Baidu and its customers (and their customers’ visitors). The JavaScript is only changed for visitors outside China. This is why people believe that it is done by the Chinese government — the only entity that has total access to all outgoing routers in China. Since many Chinese users use VPNs or other types of proxy to access the Internet, they are all considered visitors outside China. . .

Continue reading.
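For anyone running a web proxy, the behaviour described in the quoted summary (a browser on an unrelated page requesting the two GitHub URLs over and over) can be looked for in the proxy's logs. The following is an added example, not part of the quoted comment or of this blog; the log format, the sample lines and the thresholds are constructed assumptions, and only the two target URLs come from the text above.

```javascript
// Added example: flag browsers that keep requesting the two GitHub URLs named
// in the post while the user is on some unrelated page.
const TARGETS = ["https://github.com/greatfire/", "https://github.com/cn-nytimes/"];

// Constructed proxy log (assumed format): epoch-seconds client url referer
const SAMPLE_LOG = `
1427450000 10.0.0.5 https://github.com/greatfire/ http://news.example/story.html
1427450001 10.0.0.5 https://github.com/cn-nytimes/ http://news.example/story.html
1427450002 10.0.0.5 https://github.com/greatfire/ http://news.example/story.html
1427450003 10.0.0.5 https://github.com/cn-nytimes/ http://news.example/story.html
1427450004 10.0.0.5 https://github.com/greatfire/ http://news.example/story.html
1427450005 10.0.0.5 https://github.com/cn-nytimes/ http://news.example/story.html
1427450006 10.0.0.5 https://github.com/greatfire/ http://news.example/story.html
1427450010 10.0.0.9 https://github.com/greatfire/ https://github.com/
1427450100 10.0.0.7 https://github.com/greatfire/ http://search.example/?q=greatfire
1427450900 10.0.0.7 https://github.com/greatfire/wiki http://search.example/?q=greatfire
`;

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return ""; }
}

// One finding per (client, referring page, target) whose requests are both
// numerous and evenly spaced, i.e. timer-driven rather than clicked.
function findForcedRequests(logText, { minHits = 3, maxJitter = 1 } = {}) {
  const groups = new Map();
  for (const line of logText.split("\n")) {
    const [ts, client, url, referer] = line.trim().split(/\s+/);
    const target = TARGETS.find((t) => url && url.startsWith(t));
    if (!target || !referer) continue;
    const host = hostOf(referer);
    if (host === "github.com" || host.endsWith(".github.com")) continue; // same-site
    const key = [client, referer, target].join(" ");
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(Number(ts));
  }
  const findings = [];
  for (const [key, times] of groups) {
    if (times.length < minHits) continue;
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => t - times[i]);
    if (Math.max(...gaps) - Math.min(...gaps) > maxJitter) continue; // irregular
    const [client, referer, target] = key.split(" ");
    findings.push({ client, referer, target, hits: times.length, period: gaps[0] });
  }
  return findings;
}

console.log(findForcedRequests(SAMPLE_LOG));
```

In the sample, only client 10.0.0.5 is reported: the visitor arriving from github.com itself and the one who followed a search result twice are not.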

Written by LeisureGuy

27 March 2015 at 11:15 am

Posted in Government, Technology

One Response


  1. Reblogged this on Brian By Experience.

    Brian Dead Rift Webb

    27 March 2015 at 12:14 pm

