|
|
|
|
|
|
by UncleMeat
2885 days ago
|
|
|
> At best, HTTPS complicates the attack but it doesn't make you immune to it. That's literally all security. It isn't binary. It never is. At best, ASLR complicates ROP. At best, salts complicate breaking password hashes. At best, memory safe languages complicate buffer overflow attacks. One could use your argument to dismiss basically all security. You've chosen zero mitm protection rather than a lot of mitm protection. If you aren't using https then a network attacker with no preplanning can cause problems. If you are using https then a network attacker needs to get a bogus cert ahead of time. This costs money and time and does not scale well. Security is an economics issue. Making it more expensive to attack people is good. |
|
|