[cabfpub] 答复: China MITMing icloud.com

高寒蕊 gaohanrui at 360.cn
Tue Oct 21 20:20:11 MST 2014 

This article is not the truth.
360 browser can identify the fake certification and alert the users in both address-bar and the infobar (the yellow tip right on top of the page). Attached you can find the screenshot.

[cid:image001.jpg at 01CFEDEA.24963E30]


We also made the announcement to our users in major it websites(CNET<http://www.cnetnews.com.cn/2014/1021/3036881.shtml>, ChinaByte<http://soft.chinabyte.com/32/13115032.shtml>, etc.) and Sina Weibo<http://weibo.com/1709486153/BsAXnxSbS?mod=weibotime&type=comment#_rnd1413946061334> (aka, the Chinese twitter).

Any other questions?

Thanks,
360 Browser


发件人: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] 代表 Rich Smith
发送时间: 2014年10月21日 22:41
收件人: public at cabforum.org
主题: [cabfpub] China MITMing icloud.com

https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone

The above article states that within China's great firewall, www.icloud.com<http://www.icloud.com> is connecting with a self signed certificate.  The article also states that the Qihoo 360 Browser passes the user right through with no warning or other indication that the connection is unsafe.

I have no way to independently verify that accusation, BUT given that we just approved the 360 Browser's CA/B membership application, I think this needs to be investigated.

If the accusation is found to be accurate, barring a VERY good explanation from the 360 Browser team, I would move for their immediate expulsion from this Forum.

--
Regards,
Rich Smith
Validation Manager
Comodo
http://www.comodo.com<http://www.comodo.com/>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141022/2e711b3c/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 11972 bytes
Desc: image001.jpg
Url : https://cabforum.org/pipermail/public/attachments/20141022/2e711b3c/attachment-0002.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 360SafeExplorer.jpg
Type: image/jpeg
Size: 139821 bytes
Desc: 360SafeExplorer.jpg
Url : https://cabforum.org/pipermail/public/attachments/20141022/2e711b3c/attachment-0003.jpg

More information about the Public mailing list