[cabfpub] 答复: China MITMing icloud.com
rob.horne at trustis.com
Wed Oct 22 01:57:04 MST 2014
Or to put it another way, other browsers have an active warning system but it appears Qihoo 360 uses a passive warning system.
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: 22 October 2014 09:52
To: Eddy Nigg; 高寒蕊; richard.smith at comodo.com; public at cabforum.org
Subject: Re: [cabfpub] 答复: China MITMing icloud.com
On 22/10/14 09:47, Eddy Nigg wrote:
> If I approve a certificate exception in Firefox, IE or any other
> browser it will do the same, no?
Yes, indeed. But that's after a user has explicitly taken action to approve the exception, after reading what the browser has to say about why this might not be a good idea.
If, today, you are using the Qihoo 360 browser inside China and you visit icloud.com, your cookies are leaked immediately. If you visit somesite.com and it has any sort of resource load from icloud.com, your cookies are leaked immediately (and without you even knowing it had happened).
This is very different to the behaviour in other browsers.
Public mailing list
Public at cabforum.org
More information about the Public