Keychain Trust Settings

Blacklist Any Untrusted Certificate

CNNIC ROOT

Only a few days after the DDoS attack on Greatfire.org began, Google and Mozilla posted about China Internet Network Information Center (CNNIC) issued a certificate for man-in-the-middle attack. Then, yesterday, the Large Scale DDoS Attack on GitHub began, attempting to take down Greatfire’s accounts on GitHub.

All these attacks just gave me more consern over cybersecurity, especially against man-in-the-middle attack from China. Thus, I created security-trust-settings-tools, a tool set to make it really easy to blacklist all user untrusted certificates on OS X.

Keep Away from Chinese SSL Certificates

To blacklist all common Chinese SSL Certificates with my tools, simply try the OS X version of RevokeChinaCerts.