Hacker News new | ask | show | jobs
by charcircuit 1018 days ago
>That sucks

It's insecure. If you are a bank app you doesn't want other people to be able to steal the users password by installing a new certificate.
3 comments
mardifoufs 1018 days ago
How often does this happen on phones? Why do banks still allow desktop usage then?
link
charcircuit 1017 days ago
It doesn't matter how often it happens. It's a vulnerability that people will end up being exploited or the data will end up being stolen by another hacker.

Not all banks allow desktop usage. Some banks restrict certain functionality from the web interface since it is less secure.

link
feanaro 1017 days ago
It absolutely matters how often it happens. Otherwise we should start imprisoning everyone in the hopes of getting that one serial killer by the same principle. Some cures are worse than the disease.
link
zb3 1018 days ago
This is not the same scenario as the user installing a new certificate themselves.
link
charcircuit 1017 days ago
Someone's company can install a certificate onto employee's work phones.
link
Brian_K_White 1018 days ago
Tough shit. If you are a lot of things you want or don't want a lot of things. It doesn't mean they have a right to the thing they want or don't want.
link