[cabfpub] Re: China MITMing icloud.com
Gervase Markham
gerv at mozilla.org
Wed Oct 22 08:30:32 UTC 2014
Hi,

On 22/10/14 04:20, 高寒蕊 wrote:
> 360 browser can identify the fake certification and alert the users in
> both address-bar and the infobar (the yellow tip right on top of the
> page). Attached you can find the screenshot.

Even if you provide warnings, you still load the fake page. Which, as
far as I know, means that the MITM server receives all the cookies and
authentication information which the browser would automatically send to
icloud.com.

This means that the MITM server now has the ability to impersonate the
user, because they have copies of the user's cookies.

Isn't that right?

Why did you choose to differ from the behaviour of all other browsers,
which refuse to load the page entirely?

Gerv