[cabfpub] 答复: China MITMing icloud.com
高寒蕊
gaohanrui at 360.cn
Tue Oct 21 20:20:11 MST 2014
This article is not the truth.
360 browser can identify the fake certification and alert the users in both address-bar and the infobar (the yellow tip right on top of the page). Attached you can find the screenshot.
[cid:image001.jpg at 01CFEDEA.24963E30]
We also made the announcement to our users in major it websites(CNET<http://www.cnetnews.com.cn/2014/1021/3036881.shtml>, ChinaByte<http://soft.chinabyte.com/32/13115032.shtml>, etc.) and Sina Weibo<http://weibo.com/1709486153/BsAXnxSbS?mod=weibotime&type=comment#_rnd1413946061334> (aka, the Chinese twitter).
Any other questions?
Thanks,
360 Browser
发件人: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] 代表 Rich Smith
发送时间: 2014年10月21日 22:41
收件人: public at cabforum.org
主题: [cabfpub] China MITMing icloud.com
https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone
The above article states that within China's great firewall, www.icloud.com<http://www.icloud.com> is connecting with a self signed certificate. The article also states that the Qihoo 360 Browser passes the user right through with no warning or other indication that the connection is unsafe.
I have no way to independently verify that accusation, BUT given that we just approved the 360 Browser's CA/B membership application, I think this needs to be investigated.
If the accusation is found to be accurate, barring a VERY good explanation from the 360 Browser team, I would move for their immediate expulsion from this Forum.
--
Regards,
Rich Smith
Validation Manager
Comodo
http://www.comodo.com<http://www.comodo.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141022/2e711b3c/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 11972 bytes
Desc: image001.jpg
Url : https://cabforum.org/pipermail/public/attachments/20141022/2e711b3c/attachment-0002.jpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 360SafeExplorer.jpg
Type: image/jpeg
Size: 139821 bytes
Desc: 360SafeExplorer.jpg
Url : https://cabforum.org/pipermail/public/attachments/20141022/2e711b3c/attachment-0003.jpg
More information about the Public
mailing list