Hacker News new | ask | show | jobs
by emedchill 1349 days ago
Without you proving an example, my best guess is that the site is using weak ciphers or old SSL/TLS versions. Technically, it has some security but not good enough by today's standards.

If you run into that issue again, try running it though https://www.ssllabs.com/ssltest/
2 comments
emedchill 1349 days ago
It could also be that your phone has some sort of MITM or packet sniffing program that is doing an insecure redirect, capturing your intended destination then sending you to it.
link
gtirloni 1349 days ago
Could a captive portal be doing that? How would it capture my request? Maybe DNS intercept that redirects me to some of its servers before doing a redirect?

I don't think I have an app sniffing my phone. It's not rooted and it happens semi-randomly.

link
gtirloni 1349 days ago
I mentioned it happened on HN (news.ycombinator.com) just before I posted this submission.
link