[cabfpub] Reply: China MITMing icloud.com

Horne, Rob rob.horne at trustis.com
Wed Oct 22 08:57:04 UTC 2014

Or to put it another way, other browsers have an active warning system but it appears Qihoo 360 uses a passive warning system.


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: 22 October 2014 09:52
To: Eddy Nigg; 高寒蕊; richard.smith at comodo.com; public at cabforum.org
Cc: 石晓虹
Subject: Re: [cabfpub] Reply: China MITMing icloud.com

On 22/10/14 09:47, Eddy Nigg wrote:
> If I approve a certificate exception in Firefox, IE or any other
> browser it will do the same, no?

Yes, indeed. But that's after a user has explicitly taken action to approve the exception, after reading what the browser has to say about why this might not be a good idea.

If, today, you are using the Qihoo 360 browser inside China and you visit icloud.com, your cookies are leaked immediately. If you visit somesite.com and it has any sort of resource load from icloud.com, your cookies are leaked immediately (and without you even knowing it had happened).

This is very different to the behaviour in other browsers.
