RagingRaven
-
Posts
35 -
Joined
-
Last visited
Content Type
Profiles
Forums
Release Notes
Bug Tracker
Help page
Help page-CN
Release Note5
Rules and recruitment
Release Note6
Posts posted by RagingRaven
-
-
@ultra7up Yes this is BAD, but there's not much we can do at this point, we have to wait for the people from maxthon to fix this.
Until a fix is provided I suggest using another browser.
Also see this reply earlier in this thread: http://forum.maxthon.com/forum.php?mod=redirect&goto=findpost&ptid=14628&pid=78943&fromuid=13130757
-
@odyssee Thanks!
-
Can I ask why this thread has been moved to user voices?
I didn't get a notice and couldn't find it at first.
Secondly I don't think user voices is a good category...this issue is extremely serious and should get more attention than what user voices suggests.
To me user voices sounds like user's opinions and this most definitely isn't just an opinion.
-
I'm not on a Lenovo laptop or a Lenovo desktop for that matter.
I'm on a home-built computer, an Asus laptop and desktop from HP.
All have the same issue, but only in Maxthon.
If it was actually an infection with superfish, it would give the same response in all browsers, not just in Maxthon.
It's not our computers, it's Maxthon.
Just to make things a bit more clear, I work in a computer repair shop, and I've actually tried this on a clean install on a newly built computer.
Again only Maxthon gives a problem, none of the other browsers do this.
-
Mist001 replied at 2015-2-20 12:14
I installed Chrome and tried it, and Chrome says I'm Ok, Maxthon says I'm vulnerable. The finger' ...
Yeah, I'm pretty sure it's a problem with maxthon, but unfortunately we will have to wait till at least Tuesday from what No.1MaxthonFan tells us.
-
Just to be sure I also tried with updated custom user agent string and with custom user agent string disabled.
Both give the same result, so the user agent string is totally unrelated.
I also tried from work, where I have window 8.1 instead of 7, so OS seems unrelated as well.
I saw there was an official release of maxthon version 4.4.4.2000 (doesn't come with auto updates yet apparently), and tried it with that version as well.
Unfortunately this version also has the issue.
-
Oliver One replied
You said 4.4.3.4000, but here I see 4.4.0.3000! Your UA is not updated? Post time Yesterday 23:31
@ Oliver - I looked on the 'about' page there it says 4.4.3.4000, but in the custom user agent string in advanced options it says 4.4.0.3000, I guess this one doesn't get updated when updating to a new version (which is pretty logical).
But I'm pretty sure the user agent string doesn't affect checking certificates.
-
Seeing as I forgot, my browser versions:
Maxthon: 4.4.3.4000
IE: 11.0.9600.17633
Opera: 27.0.1689.69
Chrome: 40.0.2214.115 m
Firefox: 35.0.1
I've not seen any strange behavior as Mist has though, but I do find this serious enough to drop this browser when doing my banking business and any payments.
I would also encourage anybody else not to do any online banking or payments through Maxthon until this issue is fixed, because if certificates aren't checked, a man in the middle attack would be peanuts.
-
When I do the Superfish CA Test (https://filippo.io/Badfish/) it tells me anyone can intercept the connections made from Maxthon.
I tried in both Ultra and Retro mode, both say the certificate isn't checked.
I also tried in Internet Explorer, Chrome, Opera and Firefox and each one of those passes the test, but only Maxthon fails.
Please check this, because this is a serious security risk.
Also, it seems this might be related to this:
Maxthon not checking certificates?
in Archived General Discussion
Posted
No.1MaxthonFan replied at 2015-2-25 03:03
I think it's time to stop repeating the same thing over and over and over and over. They know there ...
You are right, we have said what we wanted to say, now it's up to the devs to look at it.
Thanks everybody for responding and let's wait for a fix