RagingRaven

Members
  • Content count

    35
  • Joined

  • Last visited

Community Reputation

6 Neutral

About RagingRaven

  • Rank
    Freshman
  1. You are talking about MX4, we however are talking about older versions of MX5. I've been using MX5 from the start and never before did malwarebytes flag the QA page. So in my opinion there are two options: 1. Malwarebytes got an update and now has extra checks, which is why the QA page gets flagged. Or 2. Maxthon QA page got changed with code that Malwarebytes sees as malicious. Seeings as on 2 computers I've tested this on, the problem appears after updating Maxthon, I'm putting my money on nr 2. No matter the case though, it's not a Malwarebytes issue, it's an issue with the QA page, even if Malwarebytes got better detection, there's still some strange fishy code on the QA page. A normal HTML/CSS page won't ever get flagged by Malwarebytes, only sites with some code that can be executed on the users computer will get flagged. So chances are there is some Javascript code running on the QA page. Taking into account that Maxthon has been exprimenting with Cryptomining and Malwarebytes actively blocking sites that mine without consent, I'm betting there's some mining code running on the QA page. If that is indeed the case, it should be removed from the QA page, not ignored/whitelisted in Malwarebytes.
  2. Even though normally some random Chinese characters might show, it's still strange that this happens when openening a new tab, why would there be any need to load some page first and then redirect to the actual 'new tab page'? As for Maxthon being fishy, they have a track record of doing fishy stuff, so it's not really that big of a stretch. In the past they've had issues with handeling SSL/HTTPS connections, they've messed with the search provider, even when a custom one was chosen, they've messed with this mining 'feature' without informing their users, so it's not really all that strange to think they are trying something like that again. And as Tur says, Malwarebytes doesn't flag malware on that page for nothing, so there is in fact some fishy code on that page that Malwarebytes notices. But whatever the case may be, there's still an issue with the tab not going to the actual new tab 'page'. It just stays on the page with the Chinese text, so I can't use my bookmarks/favorites on the new tab.
  3. For me it's almost the same, but even worse, it doesn't redirect me to a new tab at all, it just stays on the page. The page itself also shows chinese characters. For me a new tab now looks like this: Seems to me Maxthon is doing something fishy again, please fix.
  4. Maxthon not checking certificates?

    No.1MaxthonFan replied at 2015-2-25 03:03 I think it's time to stop repeating the same thing over and over and over and over. They know there ... You are right, we have said what we wanted to say, now it's up to the devs to look at it. Thanks everybody for responding and let's wait for a fix
  5. Maxthon not checking certificates?

    @ultra7up Yes this is BAD, but there's not much we can do at this point, we have to wait for the people from maxthon to fix this. Until a fix is provided I suggest using another browser. Also see this reply earlier in this thread: http://forum.maxthon.com/forum.php?mod=redirect&goto=findpost&ptid=14628&pid=78943&fromuid=13130757
  6. Maxthon not checking certificates?

    Can I ask why this thread has been moved to user voices? I didn't get a notice and couldn't find it at first. Secondly I don't think user voices is a good category...this issue is extremely serious and should get more attention than what user voices suggests. To me user voices sounds like user's opinions and this most definitely isn't just an opinion.
  7. Maxthon not checking certificates?

    I'm not on a Lenovo laptop or a Lenovo desktop for that matter. I'm on a home-built computer, an Asus laptop and desktop from HP. All have the same issue, but only in Maxthon. If it was actually an infection with superfish, it would give the same response in all browsers, not just in Maxthon. It's not our computers, it's Maxthon. Just to make things a bit more clear, I work in a computer repair shop, and I've actually tried this on a clean install on a newly built computer. Again only Maxthon gives a problem, none of the other browsers do this.
  8. Maxthon not checking certificates?

    Mist001 replied at 2015-2-20 12:14 I installed Chrome and tried it, and Chrome says I'm Ok, Maxthon says I'm vulnerable. The finger' ... Yeah, I'm pretty sure it's a problem with maxthon, but unfortunately we will have to wait till at least Tuesday from what No.1MaxthonFan tells us.
  9. Maxthon not checking certificates?

    Just to be sure I also tried with updated custom user agent string and with custom user agent string disabled. Both give the same result, so the user agent string is totally unrelated. I also tried from work, where I have window 8.1 instead of 7, so OS seems unrelated as well. I saw there was an official release of maxthon version 4.4.4.2000 (doesn't come with auto updates yet apparently), and tried it with that version as well. Unfortunately this version also has the issue.
  10. Maxthon not checking certificates?

    Oliver One replied You said 4.4.3.4000, but here I see 4.4.0.3000! Your UA is not updated? Post time Yesterday 23:31 @ Oliver - I looked on the 'about' page there it says 4.4.3.4000, but in the custom user agent string in advanced options it says 4.4.0.3000, I guess this one doesn't get updated when updating to a new version (which is pretty logical). But I'm pretty sure the user agent string doesn't affect checking certificates.
  11. Maxthon not checking certificates?

    Seeing as I forgot, my browser versions: Maxthon: 4.4.3.4000 IE: 11.0.9600.17633 Opera: 27.0.1689.69 Chrome: 40.0.2214.115 m Firefox: 35.0.1 I've not seen any strange behavior as Mist has though, but I do find this serious enough to drop this browser when doing my banking business and any payments. I would also encourage anybody else not to do any online banking or payments through Maxthon until this issue is fixed, because if certificates aren't checked, a man in the middle attack would be peanuts.
  12. When I do the Superfish CA Test (https://filippo.io/Badfish/) it tells me anyone can intercept the connections made from Maxthon. I tried in both Ultra and Retro mode, both say the certificate isn't checked. I also tried in Internet Explorer, Chrome, Opera and Firefox and each one of those passes the test, but only Maxthon fails. Please check this, because this is a serious security risk. Also, it seems this might be related to this: http://forum.maxthon.com/thread-13281-1-1.html