Y
Hacker News
new
|
ask
|
show
|
jobs
by
sabellito
1872 days ago
How would that work? To my understanding https prevents mitm attacks.
3 comments
thrwaeasddsaf
1872 days ago
That assumes you're using https in the first place. Try enter openbsd.org in your browser and see whether you get the https site or not.
link
crtasm
1872 days ago
I get the HTTPS site, thanks to the HTTPS Everywhere extension.
link
batch12
1872 days ago
There are a few ways one could perform this attack. SSL stripping would be the most transparent. The attacker could also proxy SSL with a different cert. If the cert was invalid the victim would at least be warned. HSTS should mitigate this threat.
link
wizzwizz4
1872 days ago
It does. But it doesn't protect against:
User → HTTP connection → [INTERCEPTION] → HTTPS connection → website.
link