<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"MS UI Gothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"Microsoft JhengHei";
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@MS UI Gothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@Microsoft JhengHei";
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ben,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I agree that the exact wording you point out is correct, however, I think 360 Browser has shown that they do at least downgrade the browser chrome, and that they did publish warnings about this particular situation. I agree completely with the other messages posted that their products current behavior is far from ideal and that they have significant work to do to make sure their users are secure, but in light of the screenshots they sent, and the articles they linked to which clearly show that they issued a warning about this, I withdraw any suggestion I made with respect to revocation of their Forum membership. My hope is that their participation in the Forum and the feedback they get from this group will help them to significantly improve security for their users.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Rich<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ben Laurie [mailto:benl@google.com] <br><b>Sent:</b> Wednesday, October 22, 2014 9:24 AM<br><b>To:</b> richard.smith@comodo.com; </span><span style='font-size:10.0pt;font-family:"MS UI Gothic","sans-serif"'>高寒蕊</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>; public@cabforum.org<br><b>Cc:</b> </span><span style='font-size:10.0pt;font-family:"MS UI Gothic","sans-serif"'>石</span><span style='font-size:10.0pt;font-family:"Microsoft JhengHei","sans-serif"'>晓虹</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br><b>Subject:</b> Re: [cabfpub] China MITMing icloud.com<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Wed Oct 22 2014 at 2:17:15 PM Rich Smith <<a href="mailto:richard.smith@comodo.com">richard.smith@comodo.com</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Dear 360 Browser staff,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Thank you for this response. As noted by others, I think your product needs some further work to be considered truly secure against these kinds of attacks, however I am glad to know that the original article's allegations seem to be unfounded.</span><o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>The original article says "Internet users in China should first use a trusted browser on their desktops and mobile devices - <a href="http://www.firefox.com.cn/">Firefox</a> and <a href="https://en.greatfire.org/www.google.cn/chrome">Chrome</a> will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack. Qihoo’s popular Chinese 360 secure browser is anything but and will load the MITMed page directly."<br><br>which appears to be exactly what has been confirmed.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></body></html>