https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone
Cert is here: http://www.mediafire.com/download/ampbnqncc277krv/fakeicloudcert.zip I'd be very interested to know why (as reported) the Qihoo 360 browser doesn't throw an error for this cert. Does it accept all self-signed certs without complaint? Or is there something special about this one? If so, what exactly? If anyone (presumably with a copy of Windows) wants to dig into that, it would be really great. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
