[cabfpub] China MITMing icloud.com

Richard Wang richard at wosign.com
Tue Oct 21 22:23:41 MST 2014


I read this article.
I think it is unfair that if some attack happened, then someone will say it is by China authorities.
The related MIIT attack is reported by Xinhua Agency also.

Regards,

Richard

On Oct 21, 2014, at 22:40, Rich Smith <richard.smith at comodo.com<mailto:richard.smith at comodo.com>> wrote:

https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone

The above article states that within China's great firewall, www.icloud.com<http://www.icloud.com> is connecting with a self signed certificate.  The article also states that the Qihoo 360 Browser passes the user right through with no warning or other indication that the connection is unsafe.

I have no way to independently verify that accusation, BUT given that we just approved the 360 Browser's CA/B membership application, I think this needs to be investigated.

If the accusation is found to be accurate, barring a VERY good explanation from the 360 Browser team, I would move for their immediate expulsion from this Forum.

--
Regards,
Rich Smith
Validation Manager
Comodo
http://www.comodo.com<http://www.comodo.com/>


_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141022/f4ef493b/attachment-0001.html 


More information about the Public mailing list