by tylerd22
2137 days ago
I remember discovering Moxie Marlinspike talking about this issue 9 years ago and he described this attack as "deadly". And it really is. In essence, a man in the middle converts all https links to http and proxies out the traffic. A victim would need to notice the missing https in the url to detect this. HSTS and the https-everywhere browser plugin partially solve the problem. I think the only viable solution is for all http traffic to be encrypted and to consider non-encrypted traffic suspect.