by escalt
1547 days ago
Exactly. A commonly missed attack vector is just intercepting plaintext HTTP and blocking HTTPS, so the browser thinks the site doesn't offer HTTPS and will just continue in plaintext. The same criticism applies to SMTP using STARTTLS: an attacker can suppress the STARTTLS command and the default is to just continue in plaintext. This is why an HTTPS-only mode is important. In Firefox it can be enabled somewhere in the settings.
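Added example, not part of the comment above: a client-side check that contrasts the opportunistic default with a fail-closed policy when the EHLO reply carries no STARTTLS keyword. The function names, the `require_tls` flag and the sample replies are constructed for illustration.

```python
"""Fail-closed STARTTLS policy over an SMTP EHLO reply (illustrative example)."""


class TLSRequiredError(Exception):
    """Policy requires TLS but the reply the client received does not offer it."""


def parse_ehlo_extensions(reply):
    """Return the upper-cased extension keywords from a multi-line 250 reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    exts = set()
    for index, line in enumerate(lines):
        # Every line must be "250-" (continuation) or "250 " (final line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line is the server greeting, not an extension
        rest = line[4:].strip()
        if rest:
            exts.add(rest.split()[0].upper())
    return exts


def next_command(reply, require_tls):
    """Decide what the client does after EHLO.

    require_tls=False is the opportunistic default: no STARTTLS keyword
    means the session silently continues in plaintext.
    require_tls=True fails closed: a missing keyword aborts the session.
    """
    if "STARTTLS" in parse_ehlo_extensions(reply):
        return "STARTTLS"
    if require_tls:
        raise TLSRequiredError("STARTTLS not advertised; refusing plaintext")
    return "MAIL FROM (plaintext)"


# Constructed sample replies: what the client sees with and without the keyword.
EHLO_FULL = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(next_command(EHLO_FULL, require_tls=True))
    print(next_command(EHLO_STRIPPED, require_tls=False))
```

The client cannot tell a stripped reply from a server that genuinely lacks TLS, which is why the decision has to come from local policy rather than from what the server advertises.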