by uponcoffee 2656 days ago
That's a fair point. My reply was more in the context of the root comment - and with an average attacker in mind - where they were describing eavesdropping as opposed to an attack carried out by a sophisticated actor.

My point was that MITMing HTTPS and HSTS isn't really necessary to carry out an attack as described by the root comment.

You only need to be in position to eavesdrop and/or MITM HTTP connections to scrape together the necessary information; a much lower bar.

1 comment

True, I guess I was just nitpicking. :)