{"id":1683,"date":"2011-03-24T19:02:23","date_gmt":"2011-03-24T11:02:23","guid":{"rendered":"https:\/\/www.zuola.com\/weblog\/?p=1683"},"modified":"2011-03-26T05:53:23","modified_gmt":"2011-03-25T21:53:23","slug":"%e5%ae%89%e5%85%a8%e8%af%81%e4%b9%a6%e9%a2%81%e5%8f%91%e6%9c%ba%e6%9e%84comodo%e8%a2%ab%e5%85%a5%e4%be%b5%e5%90%8e%e7%9a%84%e5%ba%94%e5%af%b9%e6%96%b9%e6%a1%88","status":"publish","type":"post","link":"https:\/\/www.zuola.com\/weblog\/2011\/03\/1683.htm","title":{"rendered":"\u5b89\u5168\u8bc1\u4e66\u9881\u53d1\u673a\u6784Comodo\u88ab\u5165\u4fb5\u540e\u7684\u5e94\u5bf9\u65b9\u6848"},"content":{"rendered":"<p>\u8bfb\u5230\u8fd9\u6837\u4e00\u6761<a href=\"http:\/\/software.solidot.org\/article.pl?sid=11\/03\/24\/0339221&amp;amp;from=rss\">\u65b0\u95fb<\/a>\uff1a<\/p>\n<blockquote><p><!-- p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; line-height: 20.0px; font: 13.0px Arial} span.s1 {text-decoration: underline ; color: #006666} --><\/p>\n<p class=\"p1\">Mozilla\u5728\u63a8\u51faFirefox 4\u6b63\u5f0f\u7248\u7684\u540c\u65f6\uff0c<a href=\"https:\/\/blog.mozilla.com\/security\/2011\/03\/22\/firefox-blocking-fraudulent-certificates\/\"><span class=\"s1\">\u53d1\u5e03<\/span><\/a>\u4e86<a href=\"https:\/\/www.mozilla.com\/en-US\/firefox\/all-older.html\"><span class=\"s1\">Firefox 3.6.16<\/span><\/a>\u548c3.5.18\uff0c\u4e3b\u8981\u662f\u5728\u9ed1\u540d\u5355\u4e2d\u52a0\u5165\u4e86\u591a\u4e2a\u4f2a\u9020\u7684SSL\u8bc1\u4e66\u3002<\/p>\n<p class=\"p1\">\u636eTor\u5b98\u65b9\u535a\u5ba2<a href=\"https:\/\/blog.torproject.org\/blog\/detecting-certificate-authority-compromises-and-web-browser-collusion\"><span class=\"s1\">\u62a5\u9053<\/span><\/a>\uff0cSSL\u8bc1\u4e66\u8ba4\u8bc1\u673a\u6784Comodo\u4e0a\u5468\u906d\u5230\u5165\u4fb5\uff0c\u653b\u51fb\u8005\u7ed9\u81ea\u5df1\u53d1\u4e86\u51e0\u5927\u91cd\u8981\u7f51\u7ad9\u7684\u6709\u6548HTTPS\u8bc1\u4e66\u3002\u8fd9\u4e9b\u7f51\u7ad9\u5305\u62ec\u4e86login.live.com\uff0cmail.google.com\uff0cwww.google.com\uff0clogin.yahoo.com\uff0clogin.skype.com\uff0caddons.mozilla.org\uff0cGlobal Trustee\u3002<a href=\"http:\/\/lwn.net\/Articles\/434993\/#Comments\"><span class=\"s1\">\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e9b\u8bc1\u4e66\u5192\u5145\u53d7\u5bb3\u8005\u7f51\u7ad9<\/span><\/a>\u3002Chrome\u3001Firefox\u5df2\u7ecf\u5c06\u5b83\u4eec\u52a0\u5165\u5230\u9ed1\u540d\u5355\u4e2d\uff0c\u5fae\u8f6f\u4e5f<a href=\"https:\/\/www.microsoft.com\/technet\/security\/advisory\/2524375.mspx\"><span class=\"s1\">\u53d1\u5e03\u4e86\u76f8\u5173\u66f4\u65b0<\/span><\/a>\u3002<\/p>\n<\/blockquote>\n<p>\u6211\u89c9\u5f97\u8fd9\u592a\u5371\u9669\u4e86\uff0c\u653b\u51fb\u8005\u4f2a\u9020\u7684SSL\u8bc1\u4e66\u5f71\u54cdGoogle\u3001skype\u3001yahoo\u3001live\u7b49\u7f51\u7ad9\uff0c\u914d\u5408DNS\u6c61\u67d3\u6280\u672f\u53ef\u4ee5\u4f2a\u9020\u8fd9\u4e9b\u7f51\u7ad9\u7684HTTPS\u767b\u5f55\u754c\u9762\u800c\u6ca1\u6709\u4efb\u4f55\u8b66\u544a\u3002<\/p>\n<p><!--more--><\/p>\n<p>\u4e2d\u56fd\u662fDNS\u6c61\u67d3\u7684\u91cd\u707e\u533a\uff0c\u52a0\u4e0a\u6211\u6536\u5230\u5f88\u591a<a href=\"http:\/\/mumayoujian.zuo.la\">\u7591\u4f3c\u6765\u81ea\u653f\u5e9c\u7684\u9493\u9c7c\u90ae\u4ef6<\/a>\uff0c\u6211\u89c9\u5f97\u8fd9\u6b21\u653b\u51fb\u8981\u662f\u53c8\u662f\u4f20\u8bf4\u4e2d\u7684\u201c\u84dd\u7fd4\u6280\u6821\u201d\u5e72\u7684\u7684\u8bdd\uff0c\u5236\u4f5c\u6728\u9a6c\u90ae\u4ef6\u6216\u7a83\u53d6Google Checkout \u3001SKYPE\u3001PAYPAL\u91cc\u7684\u94f6\u5b50\u5c31\u592a\u5bb9\u6613\u4e86\uff0c\u56e0\u4e3a\u7ed3\u5408DNS\u6c61\u67d3\u6b3a\u9a97\u7f51\u6c11\u8fdb\u5165\u4e2d\u95f4\u4eba\u653b\u51fb\u7ad9\u70b9\u4f1a\u6ca1\u6709\u4efb\u4f55\u7684\u5b89\u5168\u8b66\u544a\u3002\u5173\u4e8e\u5982\u4f55\u5229\u7528\u5b89\u5168\u8bc1\u4e66\u53bb\u5b9e\u73b0\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u8bf7\u9605\u8bfb\u8fd9\u7bc7\u6587\u7ae0\uff1a\u300a<a href=\"http:\/\/wuhongsheng.com\/it\/2009\/09\/ssl-hijack\/\">SSL\u7a83\u542c\u653b\u51fb\u5b9e\u64cd<\/a>\u300b\uff0c\u8fd9\u662f<a href=\"http:\/\/www.DNSPOD.com\">DNSPOD<\/a>\u7684\u521b\u59cb\u4eba<a href=\"https:\/\/twitter.com\/samwu\">\u5434\u6d2a\u58f0<\/a> \u5199\u7684\uff0c\u539f\u7406\u5c31\u662f\u6b63\u5f0f\u7684\u5411\u5df2\u7ecf\u88ab\u6d4f\u89c8\u5668\u9ed8\u8ba4\u4fe1\u4efb\u7684CA\u673a\u6784\u7533\u8bf7\u8bc1\u4e66\uff0c\u5f97\u5230\u5408\u6cd5\u7684\u8bc1\u4e66\uff0c\u7136\u540e\u7528\u5408\u6cd5\u8bc1\u4e66\uff0b\u4f2a\u9020\u7ad9\u70b9\u671f\u9a97\u7528\u6237\u8bbf\u95ee\uff0c\u8ba9\u7528\u6237\u8f93\u5165\u5bc6\u7801\uff0c\u7136\u540e\u518d\u5411\u771f\u6b63\u7684\u7ad9\u70b9\u8bf7\u6c42\u7528\u6237\u771f\u6b63\u9700\u8981\u7684\u5185\u5bb9\uff0c\u5c31\u50cf\u63d0\u4f9b\u4e86\u4e00\u4e2a\u4ee3\u7406\u670d\u52a1\u5668\u4e00\u6837\uff0c\u4f46\u7528\u6237\u611f\u89c9\u4e0d\u5230\u4e0e\u8bbf\u95ee\u6b63\u5b97\u7f51\u7ad9\u6709\u4ec0\u4e48\u533a\u522b\u3002\u8fd9\u5c31\u662f\u201c\u4e2d\u95f4\u4eba\u653b\u51fb\u201d\u3002<\/p>\n<p>\u89e3\u51b3\u65b9\u6cd5\u662f\u5347\u7ea7\u6d4f\u89c8\u5668\u3002firefox\u5df2\u7ecf\u589e\u52a0\u4e86SSL\u8bc1\u4e66\u7684\u9ed1\u540d\u5355\uff0c\u4f46\u6211\u4e0d\u77e5\u9053\u5230\u5e95\u662f\u54ea\u4e2a\u8bc1\u4e66\u6709\u95ee\u9898\uff0c\u6211\u4e8e\u662f\u50cf<a href=\"https:\/\/www.zuola.com\/weblog\/?p=1454\">\u5c4f\u853dCNNIC\u7684root CA<\/a>\u4e00\u6837\u628aComodo\u7ed9\u62c9\u9ed1\u4e86\uff0c\u5177\u4f53\u65b9\u6cd5\u662f\uff1a\u82f9\u679c\u7528\u6237\u5230\u5b9e\u7528\u5de5\u5177-&gt;\u94a5\u5319\u4e32\u8bbf\u95ee-&gt;\u7cfb\u7edf\u6839\u8bc1\u4e66-&gt;\u8bc1\u4e66\uff0c\u627e\u5230Comode(\u6216CNNIC)\u53cc\u51fb\uff0c\u6539\u9ed8\u8ba4\u4e3a\u6c38\u4e0d\u4fe1\u4efb. \u00a0\u8fd9\u6837\u9047\u5230\u4f2a\u9020\u7684GOOGLE\u767b\u5f55\u754c\u9762\u65f6\u4f1a\u6709\u5b89\u5168\u8b66\u544a\u3002<\/p>\n<p>\u62c9\u9ed1\u4e86CNNIC\u548cCOMODO\u7684\u6839\u8bc1\u4e66\uff0c\u4ee5\u540e\u51e1\u662f\u4f7f\u7528\u8fd9\u4e24\u5bb6\u8bc1\u4e66\u7684\u7f51\u7ad9\u90fd\u4f1a\u5bfc\u81f4\u6211\u7684\u7535\u8111\u4e0a\u7684\u6d4f\u89c8\u5668\u51fa\u73b0\u5b89\u5168\u8b66\u544a\u3002\u73b0\u5728GOOGLE\u7528\u7684\u662fVersign\u7684\u5e95\u4e0b\u7684Thawte SGC CA\u9881\u53d1\u7684\u8bc1\u4e66\uff0c\u8981\u662f\u54ea\u5929\u8bbf\u95ee\u65f6\u8df3\u51fa\u6765\u663e\u793a\u4e3aCOMODO\u9881\u53d1\u7684\uff0c\u90a3\u6211\u5c31\u4e2d\u5956\u4e86\u3002\u5f53\u7136\uff0c\u4f1a\u6709\u8bef\u6740\uff0c\u5982\u679c\u8bbf\u95ee\u522b\u7684\u4f7f\u7528\u4e86comodo\u7684\u5b89\u5168\u8bc1\u4e66\u7684\u7f51\u7ad9\uff0c\u6211\u7684\u6d4f\u89c8\u5668\u4e5f\u4f1a\u51fa\u73b0\u8b66\u544a\uff0c\u8981\u662f\u8fd9\u7ad9\u70b9\u4e0d\u662f\u91cd\u8981\u7684\u7f51\u7ad9\uff0c\u6211\u53ef\u4ee5\u4e34\u65f6\u5141\u8bb8\u8bbf\u95ee\u8fd9\u4e2a\u7f51\u7ad9\u3002<\/p>\n<p>\u53e6\u5916\uff0c\u91c7\u53d6\u4e00\u4e9b\u9632\u8303DNS\u52ab\u6301\u7684\u63aa\u65bd\u4e5f\u5c31\u4e0d\u4f1a\u9047\u5230\u4f7f\u7528\u4e86\u4f2a\u9020COMODO\u8bc1\u4e66\u7684\u7f51\u7ad9\u4e86\uff0c\u5982\u4f7f\u7528VPN\uff0c\u786e\u4fdd\u4f7f\u7528\u7684DNS\u670d\u52a1\u5668\u5730\u5740\u662f\u56fd\u5916\u7684\u5730\u5740\uff0c\u8fd8\u786e\u4fdd\u901a\u5f80DNS\u7684\u8def\u5f84\u662f\u8d70\u7684VPN\u901a\u9053\uff0c\u6bd4\u5982\uff0c\u4f7f\u7528SSH\u8f6c\u53d1\u7684\u7ffb\u5899\u8005\uff0c\u867d\u7136\u4f7f\u7528\u4e86 8.8.8.8 \u00a0\u8fd9\u4e2aDNS\u670d\u52a1\u5668\uff0c\u4f46\u7531\u4e8eDNS\u8bf7\u6c42\u4e0d\u8d70\u96a7\u9053\uff0c\u8fd8\u662f\u4f1a\u88abDNS\u52ab\u6301\u3002<\/p>\n<p>\u4f8b\uff1a<\/p>\n<p style=\"padding-left: 30px;\">nslookup blog.aiweiwei.com 8.8.8.8<\/p>\n<p>\u4f1a\u5f97\u5230\uff1a<\/p>\n<p style=\"padding-left: 30px;\">Non-authoritative answer:<br \/>\nName:<span style=\"white-space: pre;\"> <\/span>blog.aiweiwei.com<br \/>\nAddress: 93.46.8.89<\/p>\n<p>\u8fd9\u4e2a\u00a093.46.8.89\u5c31\u662fGFW\u7684DNS\u6c61\u67d3\u7684\u8bc1\u636e\uff0cblog.aiweiwei.com \u7684\u771f\u6b63IP\u5e94\u8be5\u662f\u00a067.205.38.6 \u624d\u5bf9\u3002<\/p>\n<p>\u9644\uff1a<\/p>\n<p>\u4ec0\u4e48\u53eb\u4e2d\u95f4\u4eba\u653b\u51fb\uff1f<\/p>\n<p>\u8fd9\u7bc7\u6587\u7ae0\u300a<a href=\"http:\/\/www.i170.com\/user\/wlj\/Article_9908\">\u4f1a\u8bdd\u52ab\u6301\u4e0e\u4e2d\u95f4\u4eba\u653b\u51fb<\/a> \u300b\u7528\u4e00\u4e2a\u6218\u4e89\u6848\u4f8b\u89e3\u91ca\u4e86\uff1a<\/p>\n<blockquote><p>20 \u4e16\u7eaa80 \u5e74\u4ee3\u540e\u671f\uff0c\u5357\u975e\u5728\u7eb3\u7c73\u6bd4\u4e9a\u4e0e\u5b89\u683c\u62c9\u9644\u8fd1\u4e0e\u53e4\u5df4\u4ea4\u6218\uff0c\u5f53\u65f6\u5357\u975e\u7684\u7a7a\u519b\u5b9e\u529b\u8f83\u5f3a\uff0c\u96f7\u8fbe\u7cfb\u7edf\u4e5f\u6bd4\u8f83\u53d1\u8fbe\uff0c\u62e5\u6709\u4e00\u5957\u7528\u4e8e\u654c\u6211\u8bc6\u522b\uff0c\u907f\u514d\u8bef\u4f24\u7684\u8d28\u8be2\/\u54cd\u5e94\u7cfb\u7edf\uff0c\u79f0\u4f5c IEF\uff0c\u53ea\u6709\u62e5\u6709\u5bc6\u94a5\u7684\u5357\u975e\u98de\u673a\u624d\u80fd\u591f\u89e3\u5bc6\u5e76\u53d1\u9001\u6b63\u786e\u7684\u56de\u5e94\u4fe1\u53f7\u3002<\/p>\n<p>\u6309\u7406\u8bf4\uff0c\u5357\u975e\u62e5\u6709\u5236\u7a7a\u6743\uff0c\u4f46\u4e00\u6b21\u6218\u5f79\u4e2d\uff0c\u53e4\u5df4\u5374\u6210\u529f\u5730\u8f70\u70b8\u4e86\u5357\u975e\u7684\u9635\u5730\uff0c\u4ed6\u4eec\u662f\u5982\u4f55\u5b9e\u73b0\u7684\u5462\uff1f<\/p>\n<p>\u539f\u6765\uff0c\u5f53\u5357\u975e\u8f70\u70b8\u673a\u524d\u53bb\u8f70\u70b8\u53e4\u5df4\u5730\u9762\u7684\u519b\u4e8b\u76ee\u6807\u65f6\uff0c\u53e4\u5df4\u7684\u7c73\u683c\u6218\u673a\u608d\u7136\u76f4\u5165\u5357\u975e\u7a7a\u9632\u533a\u3002\u5f53\u5357\u975e\u7684 IEF \u53d1\u9001\u8d28\u8be2\u4fe1\u53f7\u65f6\uff0c\u7c73\u683c\u5c06\u4fe1\u53f7\u53d1\u56de\u57fa\u5730\uff0c\u57fa\u5730\u8f6c\u53d1\u7ed9\u5357\u975e\u8f70\u70b8\u673a\u5e76\u53d6\u5f97\u5176\u56de\u5e94\uff0c\u518d\u9001\u56de\u7c73\u683c\uff0c\u7c73\u683c\u5c31\u8fd1\u4e4e\u5b9e\u65f6\u5730\u83b7\u53d6\u4e86 IEF \u7684\u54cd\u5e94\u4fe1\u53f7\u2026\u2026\u6574\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u7c73\u683c\u6218\u673a\u548c\u53e4\u5df4\u57fa\u5730\u5b9e\u9645\u4e0a\u5e76\u4e0d\u77e5\u9053\u8fd9\u4e9b\u8d28\u8be2\u54cd\u5e94\u4fe1\u53f7\u7684\u610f\u4e49\u2026\u2026<\/p>\n<p>\u8fd9\u5c31\u662f\u4e2d\u95f4\u4eba\u653b\u51fb\u4e86<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>\u8bfb\u5230\u8fd9\u6837\u4e00\u6761\u65b0\u95fb\uff1a Mozilla\u5728\u63a8\u51faFirefox 4\u6b63\u5f0f\u7248\u7684\u540c\u65f6\uff0c\u53d1\u5e03\u4e86F <span class=\"readmore\"><a href=\"https:\/\/www.zuola.com\/weblog\/2011\/03\/1683.htm\">Continue Reading &#8230;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1683","post","type-post","status-publish","format-standard","hentry","category-review"],"views":6024,"_links":{"self":[{"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/posts\/1683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/comments?post=1683"}],"version-history":[{"count":0,"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/posts\/1683\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/media?parent=1683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/categories?post=1683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zuola.com\/weblog\/wp-json\/wp\/v2\/tags?post=1683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}