“Yesterday we learned of reports that the Syrian Telecom Ministry had launched a man-in-the-middle attack against the HTTPS version of the Facebook site. The attack is ongoing and has been seen by users of multiple Syrian ISPs. We cannot confirm the identity of the perpetrators.

The attack is not extremely sophisticated: the certificate is invalid in user’s browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users’ only line of defense.”

From EFF