by ridgewell 2625 days ago
>But in reality, the services that really need security are going over TLS, where at least the connection itself is secure.

I think other considerations include whether or not the sites that you visit implement HSTS. While many sites do support HTTPS-only logins, several web services are actually quite vulnerable to software such as SSLstrip[1], which redirects hijacked users to plaintext HTTP pages whenever feasible.

While many sites implement TLS, several sites don't implement HSTS. I am not sure about the HSTS policies of the top 3000 sites so I will not comment on that.

[1] https://moxie.org/software/sslstrip/