Qihoo 360's AI Product Leaked the Platform's SSL Key, Issued by Its Own CA Banned for Fraud

Qihoo 360 (China's largest cybersecurity company, ~460 million users) shipped the wildcard SSL private key for *.myclaw.360.cn inside the public installer for their new AI product, 360 Security Lobster. The certificate was issued by WoTrus CA Limited, which is a subsidiary of Qihoo 360 itself. WoTrus is the rebranded WoSign, the same CA that was distrusted by Chrome, Firefox, and Safari in 2016 for backdating 64 SHA-1 certificates. Key details: Private key found at /namiclaw/components/OpenClaw/

• Qihoo 360's AI Product Leaked the Platform's SSL Key, Issued by Its Own CA Banned for Fraud
  r/sysadmin

• anyone here built systems that interact with websites instead of APIs? background
• does anyone using this exact architecture? background
• New to the web platform in December background
• GitHub - cardog-ai/icons: A comprehensive library of car brand logos and icons background
• docmd v0.6 - A zero-config docs engine that ships under 20kb script. No React, no YAML hell, just high-performance Markdown background