Y
Hacker News
new
|
ask
|
show
|
jobs
by
HappyTypist
3921 days ago
Google has HSTS so requests will be prematurely terminated, however it'll still be a huge DDoS attack.
1 comments
0x0
3921 days ago
Well if you control the domain you can easily get an SSL cert (except some clients might pin the CA for google.com).
link
nly
3921 days ago
IIRC, all Chrome users are pinned for *.google.com
link
LgWoodenBadger
3920 days ago
However, chrome will still trust certs issued for Google domains that come from non-Google trusted issuers (things in your local trusted keystore)
It sucks because now your employee can MITM you for gmail/google chat/etc
link
HappyTypist
3920 days ago
Certificates are pinned too.
link