[cabfpub] 答复: China MITMing icloud.com
gerv at mozilla.org
Wed Oct 22 02:10:47 MST 2014
On 22/10/14 09:57, Horne, Rob wrote:
> Or to put it another way, other browsers have an active warning
> system but it appears Qihoo 360 uses a passive warning system.
No, it's worse than that. You could call it active vs. passive if no
cookies were sent on that first load. Unless they suppress cookies and
all other auth information, this is "someone may be about to burgle your
house" vs. "someone just burgled your house". Both are notifications,
but the former is rather more useful to receive than the latter.
More information about the Public