Closed Bug 1128366 Opened 9 years ago Closed 8 years ago

Add some sub domains of kuronekoyamato.co.jp into the whitelist of non-secure TLS fallback

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: masayuki, Unassigned)

References

Details

Masayuki Nakano [:masayuki] (he/him)(JST, +0900)

Reporter

Description

•

9 years ago

As far as I can access, following sub domains are also using non-secure TLS:

https://syuhai.kuronekoyamato.co.jp/
https://takuhai-locker.kuronekoyamato.co.jp/
https://c2.kuronekoyamato.co.jp/
https://okurijyoinji.kuronekoyamato.co.jp/
https://jizen.kuronekoyamato.co.jp/
https://otodoke.kuronekoyamato.co.jp/
https://tenkyo-tenso.kuronekoyamato.co.jp/
https://auction.kuronekoyamato.co.jp/
https://tsuhanshokai.kuronekoyamato.co.jp/
https://mytoi.kuronekoyamato.co.jp/

https://repair.kuroneko-kadendr.jp/

All of them are Kuroneko-Yamato's services for personal users. So, I guess that there are other sub domains (or other domains like the last one?) for enterprise users (I cannot access enterprise user's site).

Anyway, they add a sub domain for every service. Therefore, I think that we should allow *.kuronekoyamato.co.jp and *.kuroneko-kadendr.jp. If we won't do so, they could add new sub domain before or after we ship the behavior in release builds.

Masayuki Nakano [:masayuki] (he/him)(JST, +0900)

Reporter

Comment 1

•

9 years ago

Ah, and this:
https://bmypage.kuronekoyamato.co.jp/

This sub domain has a page to log-in of enterprise users.

Masayuki Nakano [:masayuki] (he/him)(JST, +0900)

Reporter

Comment 2

•

9 years ago

Hmm, they are "contact us" pages:

https://form.kuronekoyamato.co.jp/
https://contact-us.kuronekoyamato.co.jp/

Masatoshi Kimura [:emk]

Comment 3

•

9 years ago

I will add them to whitelist, but they should really fix the servers. In particular, we will have to turn off RC4 completely in the near future.

Blocks: TLS-Intolerance
No longer blocks: 1112110, 1114816

Component: Security: PSM → Desktop

Product: Core → Tech Evangelism

Masatoshi Kimura [:emk]

Updated

•

9 years ago

Blocks: 1112110, 1114816

Masatoshi Kimura [:emk]

Comment 4

•

9 years ago

More subdomains from bug 1084025 comment #112:
https://adsearch.kuronekoyamato.co.jp/
https://bmypageapi.kuronekoyamato.co.jp/
https://docrecycle.kuronekoyamato.co.jp/
https://golfsearch.kuronekoyamato.co.jp/
https://maplink.kuronekoyamato.co.jp/
https://mobile.kuronekoyamato.co.jp/
https://mobileotodoke.kuronekoyamato.co.jp/
https://ship-book.kuronekoyamato.co.jp/
https://smp-cmypage.kuronekoyamato.co.jp/
https://uketori.kuronekoyamato.co.jp/

https://repairmb.kuroneko-kadendr.jp/

Yuhong Bao

Comment 5

•

9 years ago

Hopefully the news about the RC4 attack when it is presented at Black Hat Asia 2015 will help.

Masatoshi Kimura [:emk]

Comment 6

•

9 years ago

FYI, this site was SSLv3 exclusive until December 2014.

Masatoshi Kimura [:emk]

Updated

•

9 years ago

Depends on: 1137179

Masatoshi Kimura [:emk]

Comment 7

•

8 years ago

Fixed.

Status: NEW → RESOLVED

Closed: 8 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Assignee

Updated

•

5 years ago

Product: Tech Evangelism → Web Compatibility

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Add some sub domains of kuronekoyamato.co.jp into the whitelist of non-secure TLS fallback

Categories

(Web Compatibility :: Desktop, defect)

Tracking

(Not tracked)

People

(Reporter: masayuki, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Updated

Comment 7

Updated