360 和 周鸿祎 都是无耻的。
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Just add more info: WireLurker Virus on ios and OS X
https://beijingtoday.com.cn/2014/11/wirelurker-virus-cripples-qihoo-360s-credibility/
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Accroding to this newspaper, 360 do have join the GFW project at 2012-07-02.
http://web.archive.org/web/20120705031419/http://www.21cbh.com/HTML/2012-7-2/2NMDM2XzQ2NTU2Nw.html
However, the chief of 360, 周鸿祎, personally said it is not true in a local SNS
site.
On Thursday, October 13, 2016 at
A note on accepted content for this list:
Concrete information which may be important for security policy
decisions Mozilla has to make is welcome. Wild and unsubstantiated
accusations are not, nor are comments which attack a person or company
based on their nationality. I have already rejected
Are there any words saying “award to Qihoo to recognize their long time support
for censorship”?
It is an official thanks letter from The Ministry of Public Security of the
People’s Republic of China, the equivalent organization with FBI of U.S, it
thanks for my team and myself to join the
All,
Thanks again to all of you who have put in so much time and effort to determine
what happened with WoSign and StartCom and discuss what to do about it.
Based on the information that I have seen regarding WoSign, I believe that
WoSign intentionally bent the rules in order to continue
On Thursday, October 13, 2016 at 7:51:11 PM UTC+3, Jakob Bohm wrote:
> I just skimmed it, and that just looks like Qihoo 360 acquired some
> other companies that I don't recognize and did so by technically
> merging the company while concentrating ownership with the existing
> Qihoo 360
On Thursday, October 13, 2016 at 10:17:28 AM UTC-7, Jonathan Rudenberg wrote:
> Can you clarify if the notBefore cutoff is October 1, 2016, and
> not October 21, 2016? There are two conflicting dates in the listed actions.
My thinking is that we would distrust certs issued after next week (Oct
On Thursday, October 13, 2016 at 10:39:05 AM UTC-7, Han Yuwei wrote:
>
> Is this the final decision or still pending?
Please consider this the draft of my decision. We are actively working on the
Mozilla action items, but this plan is still open for discussion.
Thanks,
Kathleen
On 13/10/2016 04:36, 谭晓生 wrote:
The HSM is stored offline, in the Vault of Qihoo 360’s head quarter, a little
bit surprised by this question, I don’t know if there other CAs put their Root
Certificates online?
If anybody have evident to say “Wosign have the private key of StartCom”,
please
在 2016年10月13日星期四 UTC+8下午11:58:54,Gervase Markham写道:
> A note on accepted content for this list:
>
> Concrete information which may be important for security policy
> decisions Mozilla has to make is welcome. Wild and unsubstantiated
> accusations are not, nor are comments which attack a person or
On Oct 13, 2016, at 12:49, Kathleen Wilson wrote:
>
> 1) Distrust certificates chaining up to Affected Roots with a notBefore date
> after October 21, 2016. If additional back-dating is discovered (by any
> means) to circumvent this control, then Mozilla will immediately
在 2016年10月14日星期五 UTC+8上午12:50:02,Kathleen Wilson写道:
> All,
>
> Thanks again to all of you who have put in so much time and effort to
> determine what happened with WoSign and StartCom and discuss what to do about
> it.
>
> Based on the information that I have seen regarding WoSign, I believe
On 13/10/16 17:49, Kathleen Wilson wrote:
> Thanks again to all of you who have put in so much time and effort to
> determine what happened with WoSign and StartCom and discuss what to
> do about it.
You are welcome.
As people will have read, the current decision at Mozilla is to treat
the
Indeed, Yahoo! has bad reputation on both spyware/malware[1] and censorship[2].
Ironically, Yahoo! Assistant, the successor of 3721 Internet Assistant (also
called 3721 helper) was identified as malware by 360Safe, which is a product of
Qihoo 360.[3]
In 2007, Eric Yang, the co-founder and CEO
On Thursday, 13 October 2016 20:52:54 UTC+1, Gervase Markham wrote:
> To be clear, this is a permanent ban, applicable worldwide, but only to
> the Hong Kong branch of E (If further issues are found with E
> audits elsewhere, then we might consider something with wider scope.)
Please can Mozilla
> Others have noted the mismatch here with an October 1 date elsewhere in
> the document. I think we should pick a single date in the future, to
> allow the CAs concerned to wind down operations without leaving
> customers having just obtained certs which will stop working in a few
> months.
On Thu, Oct 13, 2016 at 09:49:50AM -0700, Kathleen Wilson wrote:
> 5. 100% embedded CT for all issued certificates, with embedded SCTs from
> at least one Google and one non-Google log not controlled by the CA.
Will there be any requirements around the qualification status of the logs,
or could
On 10/11/2016 11:57 AM, Gervase Markham wrote:
There is also the case of StartEncrypt. While no known
cert-to-wrong-person misissuance occurred because the researchers in
question used domains they already controlled to prove their point, but
there seemed to be multiple holes by which this
Some more information.
3721 helper, the most notorious malware in china was created by Hongyi zhou and
his company 3721 in 1998. According to Mr. Tan's bio, he was the development
director of 3721. So I believe he directly participated in and led the
development of the malware.
There is
Mr. Xiaosheng Tan
According to the page of your personal details
(http://baike.baidu.com/view/4571996.htm) in Baidu BaiKe. Currently you are the
CTO and VP of Qihuoo. And you have a long recorder working and even studying
with Hongyi Zhou, the CEO and the owner of Qihoo who was entitled as
There could be multiple books to tell the story of Qihoo 360 and Mr.Hongyi
Zhou, Qihoo 360 fighted with Baidu, Alibaba & Tencent, the three largest
internet companies of China in the past 10 years, there were a lot of law suits
there, win and lose together, the ecosystem of China internet is a
On 10/12/2016 10:11 PM, Ryan Sleevi wrote:
As Gerv suggested this was the official call for incidents with respect to
StartCom, it seems appropriate to start a new thread.
Ryan, it was probably easy to dig up any possible claimed or proven
issue ever surrounding StartCom during its ~ 10
The information on Baidu Baike is not correct, I tried to correct it, but
failed, I don’t know why.
I’m the Vice President of Qihoo 360 from end of 2009, installed as Chief
Privacy Officer from 15th March 2012 as well, titled as Chief Security Officer
of Qihoo 360 from Feb 2016, I never been
在 2016年10月13日星期四 UTC+8下午9:09:11,uri...@gmail.com写道:
> >WoSign will resell other trusted CA's SSL certificate to our customers to
> >provide best product and best service to our customers.
>
> Is the plan to resell StartCom certificates?
>
> On Thursday, October 13, 2016 at 4:18:54 AM UTC-4,
在 2016年10月13日星期四 UTC+8上午10:58:34,谭晓生写道:
> Yuwei,
> I don’t know who you are, but I can tell you and the community, Qihoo 360
> never been involved in * Fire Wall project, if you did some investigation
> to the message that accused Qihoo 360 joined the project “Search Engine
> Content
在 2016年10月13日星期四 UTC+8下午2:01:19,yliv...@gmail.com写道:
> Would this be enough?
> http://www.cac.gov.cn/2016-09/19/c_1119583763.htm
>
> On Thursday, October 13, 2016 at 10:58:34 AM UTC+8, 谭晓生 wrote:
> > Yuwei,
> > I don’t know who you are, but I can tell you and the community, Qihoo 360
> > never
>WoSign will resell other trusted CA's SSL certificate to our customers to
>provide best product and best service to our customers.
Is the plan to resell StartCom certificates?
On Thursday, October 13, 2016 at 4:18:54 AM UTC-4, Richard Wang wrote:
> Percy,
>
> I think your English is too bad!
Would this be enough?
http://www.cac.gov.cn/2016-09/19/c_1119583763.htm
On Thursday, October 13, 2016 at 10:58:34 AM UTC+8, 谭晓生 wrote:
> Yuwei,
> I don’t know who you are, but I can tell you and the community, Qihoo 360
> never been involved in * Fire Wall project, if you did some
You have mentioned "Qihoo masking their browser as a critical Windows security
update to IE users. " , but their browser is fully insecure.
"Qihoo 360 Safe Browser" ignores ssl certificate error , open page directly
with cookie.
First seen 2014:
The person who founded Qihoo 360, Hongwei Zhou(周鸿祎), is the creator of the
malware named 3721. 3721 is the most widely spread malware in China before the
company Qihoo 360 was founded. The reason that "360安全卫士" (360 Total Security),
which is the most important product of Qihoo 360, became
On 13/10/16 01:40, Percy wrote:
> (Hmm, my previous comment about two faced WoSign disappeared from
> Google group probably due to anti-spam. Gerv, can you recover it for
> me?)
I have that message via the news interface, so it did get posted. It's
not in the spam filter.
Gerv
Things went interesting, the webpage is about the 19 honored internet security
researcher by China government, some of them are professors of university, like
Professor Xiaoyun Wang who contributed a lot on cryptology(MD5 ), Min
Yang, Haixin Duan, Jianwei Liu, Xingshu Chen……, and the fellow of
33 matches
Mail list logo