RagingRaven Posted February 19, 2015 Report Share Posted February 19, 2015 When I do the Superfish CA Test (https://filippo.io/Badfish/) it tells me anyone can intercept the connections made from Maxthon. I tried in both Ultra and Retro mode, both say the certificate isn't checked. I also tried in Internet Explorer, Chrome, Opera and Firefox and each one of those passes the test, but only Maxthon fails. Please check this, because this is a serious security risk. Also, it seems this might be related to this: http://forum.maxthon.com/thread-13281-1-1.html Link to comment Share on other sites More sharing options...
maverickrohan Posted February 19, 2015 Report Share Posted February 19, 2015 I was just about to make a post about this and saw this post ... could someone from the Maxthon Dev Team look into this please? I got positives from the following browsers: IE 11 (11.0.9600.17631) Maxthon Nitro 1.0.0.3000 Firefox 35.0.1 Opera 27 (27.0.1689.69) ONLY negative result was from: Maxthon 4.4.4.2000 Link to comment Share on other sites More sharing options...
Mist001 Posted February 19, 2015 Report Share Posted February 19, 2015 I'm getting the same result too, although I had no idea that it's Maxthon that's causing it. I don't have Superfish so I've been trying to find out why I'm failing the security test. IF it's Maxthon, then that would explain a lot. I've complained here before about Chinese pop ups appearing, recently it's Facebook pages automatically refreshing and so on. Am I being intercepted via Maxthon? This needs seriously checked. Link to comment Share on other sites More sharing options...
RagingRaven Posted February 19, 2015 Author Report Share Posted February 19, 2015 Seeing as I forgot, my browser versions: Maxthon: 4.4.3.4000 IE: 11.0.9600.17633 Opera: 27.0.1689.69 Chrome: 40.0.2214.115 m Firefox: 35.0.1 I've not seen any strange behavior as Mist has though, but I do find this serious enough to drop this browser when doing my banking business and any payments. I would also encourage anybody else not to do any online banking or payments through Maxthon until this issue is fixed, because if certificates aren't checked, a man in the middle attack would be peanuts. Link to comment Share on other sites More sharing options...
No.1MaxthonFan Posted February 20, 2015 Report Share Posted February 20, 2015 RagingRaven replied at 2015-2-19 18:52 Seeing as I forgot, my browser versions: Maxthon: 4.4.3.4000 IE: 11.0.9600.17633 Unfortunatly, China is on holiday until the 24th so nothing will be done, probably, until then. Windows 10 64-bit build 10525/Windows 10 Mobile build 10512 Link to comment Share on other sites More sharing options...
Mist001 Posted February 20, 2015 Report Share Posted February 20, 2015 How do you find which certificates are connected to Maxthon? There's none listed as Maxthon on my Trusted Certificates List. Do they use a different name or title, or is there a country, perhaps China, which identifies them? I'd like to remove the Maxthon certificates and see what happens when I check the Superfish test page. If I still fail the test, then I know it's something else. Link to comment Share on other sites More sharing options...
RagingRaven Posted February 20, 2015 Author Report Share Posted February 20, 2015 Oliver One replied You said 4.4.3.4000, but here I see 4.4.0.3000! Your UA is not updated? Post time Yesterday 23:31 @ Oliver - I looked on the 'about' page there it says 4.4.3.4000, but in the custom user agent string in advanced options it says 4.4.0.3000, I guess this one doesn't get updated when updating to a new version (which is pretty logical). But I'm pretty sure the user agent string doesn't affect checking certificates. Link to comment Share on other sites More sharing options...
RagingRaven Posted February 20, 2015 Author Report Share Posted February 20, 2015 Just to be sure I also tried with updated custom user agent string and with custom user agent string disabled. Both give the same result, so the user agent string is totally unrelated. I also tried from work, where I have window 8.1 instead of 7, so OS seems unrelated as well. I saw there was an official release of maxthon version 4.4.4.2000 (doesn't come with auto updates yet apparently), and tried it with that version as well. Unfortunately this version also has the issue. Link to comment Share on other sites More sharing options...
Mist001 Posted February 20, 2015 Report Share Posted February 20, 2015 I installed Chrome and tried it, and Chrome says I'm Ok, Maxthon says I'm vulnerable. The finger's pointing at Maxthon yet again. Link to comment Share on other sites More sharing options...
RagingRaven Posted February 20, 2015 Author Report Share Posted February 20, 2015 Mist001 replied at 2015-2-20 12:14 I installed Chrome and tried it, and Chrome says I'm Ok, Maxthon says I'm vulnerable. The finger' ... Yeah, I'm pretty sure it's a problem with maxthon, but unfortunately we will have to wait till at least Tuesday from what No.1MaxthonFan tells us. Link to comment Share on other sites More sharing options...
Mist001 Posted February 21, 2015 Report Share Posted February 21, 2015 I raised it on their FB page last night and the guy responded that I was right, he'd just checked it on a Lenovo laptop!! I had to remind him that I wasn't using anything connected with Lenovo, nor was there a Superfish certificate on my machine and that everything was OK whilst using different browsers. I felt embarrassed for the guy because there were no further replies after that, he was obviously just trying to palm me off with some excuse and platitudes. Link to comment Share on other sites More sharing options...
No.1MaxthonFan Posted February 21, 2015 Report Share Posted February 21, 2015 Ohke replied at 2015-2-21 08:00 If you find any names like this, in your Installed Programs and also under your Trusted Certificate ... I have a lenovo Desktop and there are no certificates on this machine running Windows 10 Technical Preview 9926 and no installed software either, so it is Maxthon that is giving me a false positive. Windows 10 64-bit build 10525/Windows 10 Mobile build 10512 Link to comment Share on other sites More sharing options...
RagingRaven Posted February 21, 2015 Author Report Share Posted February 21, 2015 I'm not on a Lenovo laptop or a Lenovo desktop for that matter. I'm on a home-built computer, an Asus laptop and desktop from HP. All have the same issue, but only in Maxthon. If it was actually an infection with superfish, it would give the same response in all browsers, not just in Maxthon. It's not our computers, it's Maxthon. Just to make things a bit more clear, I work in a computer repair shop, and I've actually tried this on a clean install on a newly built computer. Again only Maxthon gives a problem, none of the other browsers do this. Link to comment Share on other sites More sharing options...
30563892 Posted February 21, 2015 Report Share Posted February 21, 2015 Testing Maxthon here https://filippo.io/Badfish/ Link to comment Share on other sites More sharing options...
Ldfa Posted February 22, 2015 Report Share Posted February 22, 2015 For emergency request, please feel free to contact our US team at International@maxthon.com Source : http://forum.maxthon.com/thread-14580-1-1.html See ya, Ldfa. Link to comment Share on other sites More sharing options...
moss33 Posted February 23, 2015 Report Share Posted February 23, 2015 So, is it safety using maxthon before they fix this? Link to comment Share on other sites More sharing options...
30112853 Posted February 23, 2015 Report Share Posted February 23, 2015 moss33 replied at 2015-2-22 18:47 So, is it safety using maxthon before they fix this? Basically no, because if certifices aren't check for validity, then a corrupt party could inject their own certificate and intercept all traffic you send/receive. For instance, if you go to your online banking account and enter your login information a third party could intercept your codes and use them to make transactions to themselves. This is called a man-in-the-middle attack. http://en.wikipedia.org/wiki/Man-in-the-middle_attack So for websites which only show you some info, this isn't too big of a deal, but for any site where you enter user-data it is a serious issue. So until this is fixed, I would suggest not doing anything which requires you to enter usernames/passwords and the like. For those instances I'd suggest using another browser (chrome, firefox, opera). Link to comment Share on other sites More sharing options...
RagingRaven Posted February 23, 2015 Author Report Share Posted February 23, 2015 Can I ask why this thread has been moved to user voices? I didn't get a notice and couldn't find it at first. Secondly I don't think user voices is a good category...this issue is extremely serious and should get more attention than what user voices suggests. To me user voices sounds like user's opinions and this most definitely isn't just an opinion. Link to comment Share on other sites More sharing options...
30112853 Posted February 23, 2015 Report Share Posted February 23, 2015 Agreed, it almost feels like they want to bury this And it appears to work as Google no longer finds the topic when you search for 'Superfish Maxthon', whereas it was the top result before this thread got moved. And apparently others can't find the topic neither: http://forum.maxthon.com/forum.php?mod=viewthread&tid=14630&extra=page%3D1%26filter%3Dtypeid%26typeid%3D132%26typeid%3D132 Link to comment Share on other sites More sharing options...
RagingRaven Posted February 23, 2015 Author Report Share Posted February 23, 2015 @odyssee Thanks! Link to comment Share on other sites More sharing options...
30112853 Posted February 23, 2015 Report Share Posted February 23, 2015 It's okay odyssee, I forgive you And I didn't really think you were doing it on purpose, that's why I said almost and used the ':P' Link to comment Share on other sites More sharing options...
Ultraman Posted February 23, 2015 Report Share Posted February 23, 2015 HI GUYS !!! THIS IS GOOD OR THIS IS BAD WHAT CAN I DO? ANY SUGGESTION? I USE THIS VERSION 4.4.3.4000 Link to comment Share on other sites More sharing options...
RagingRaven Posted February 23, 2015 Author Report Share Posted February 23, 2015 @ultra7up Yes this is BAD, but there's not much we can do at this point, we have to wait for the people from maxthon to fix this. Until a fix is provided I suggest using another browser. Also see this reply earlier in this thread: http://forum.maxthon.com/forum.php?mod=redirect&goto=findpost&ptid=14628&pid=78943&fromuid=13130757 Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2015 Report Share Posted February 23, 2015 Hi guys, we are aware of this and at the moment out team is investigating it and looking for solution. We will let you know the results ASAP. Link to comment Share on other sites More sharing options...
Mist001 Posted February 24, 2015 Report Share Posted February 24, 2015 I'm pretty concerned about this. I used Paypal before I knew about this situation but since I have, I've gone ahead and changed my Paypal password because that's the one that's dealing with money. Is there any others I should be changing, email, Ebay, and so on? I've got a vast amount of accounts which may all be vulnerable now and it'll take me a fair bit of time to change all their passwords and stuff. This is pretty shocking behaviour from Maxthon. I wonder if they've been spying on Maxthon users all this time until Superfish hit the headlines? I've reported Chinese pop ups and other strange behaviours here lots of times and just been more or less dismissed but it's the fact that they moved this thread and tried to bury that's got my suspicions up. Link to comment Share on other sites More sharing options...
magg Posted February 24, 2015 Report Share Posted February 24, 2015 Mist001 replied at 2015-2-24 19:31 I'm pretty concerned about this. I used Paypal before I knew about this situation but since I have, ... Stop acting like a paranoid, lol ! Flash is buggy, Windows is also buggy. Google, Microsoft are spying you too. You can always stop using all this fishy software. No one force you to using Maxthon. Wait when holidays in China ends and we will see then what Maxthon dev's say about this. For now I would advise you to end up spinning the own conspiracy theory. Link to comment Share on other sites More sharing options...
Tony Posted February 24, 2015 Report Share Posted February 24, 2015 Mist001 replied at 2015-2-24 18:31 I'm pretty concerned about this. I used Paypal before I knew about this situation but since I have, ... complete rubbish imo - if you are worried about all you say then find the off button on your computer - that will solve all you are worried about Tony - Vivaldi 4 on Windows 10 64Bit Link to comment Share on other sites More sharing options...
Mist001 Posted February 24, 2015 Report Share Posted February 24, 2015 Well, I think you're all wrong not to be concerned about this. These are more or less the same responses that I got when I was reporting the Chinese pop ups with Maxthon. If anyone gets robbed whilst using Maxthon, is there any recompense? No. I'm asking about the risks, you clowns are acting like you know all the risks already when really, you know nothing. Link to comment Share on other sites More sharing options...
Tony Posted February 24, 2015 Report Share Posted February 24, 2015 i know that the minute i turn my pc on and access the internet there are risks - i dont think there are more or less with this - like i said press the off button or use another browser nothing will happen until they get back to work so you have to choose Tony - Vivaldi 4 on Windows 10 64Bit Link to comment Share on other sites More sharing options...
7twenty Posted February 24, 2015 Report Share Posted February 24, 2015 Mist001 replied at 2015-2-25 04:31 I've reported Chinese pop ups and other strange behaviours here lots of times and just been more or less dismissed but it's the fact that they moved this thread and tried to bury that's got my suspicions up.I don't think they've been dismissed, just that there was no solid info found to confirm exactly what it was. Nothing has been explicitly stated either way. As far as the thread being "buried"... you're trying to make something out of nothing. The thread was accidentally moved to User Voices when it was merged with another thread (post #15). That was nothing more than the Mod doing the merge not noticing what forum the merged thread was allocated to. This was fixed as soon as they were notified, and nothing to do with your paranoia about Maxthon trying to hide stuff. If we were trying to make it look like Maxthon is the perfect browser then 99% of the threads here would be deleted :-P I wonder if they've been spying on Maxthon users all this time until Superfish hit the headlines?I'm not sure if you realise but Maxthon's install base is tiny compared to any of the other browsers. The odds that anyone would be specifically targeting it (even in light of this apparent issue) is highly unlikely. Link to comment Share on other sites More sharing options...
Recommended Posts