by mplewis9z 900 days ago
What happens when a site you really do need and have HTTPS on (your bank, say) has a cross-site request forgery vulnerability, and someone plops an exploit script on that non-HTTPS site you visit? With crafty enough hackers, your savings just got wired to a foreign country.

The entire internet needs to be HTTPS to protect against stupid security decisions made long ago that we can’t undo now in the name of backwards compatibility.

1 comment

> The entire internet needs to be HTTPS to protect against stupid security decisions made long ago that we can’t undo now in the name of backwards compatibility.

We can undo it now, the powers that be just refuse to abandon the altar of backwards compatibility, damn the cost. (Even though the addition of a straightforward document browser with no JS and no dynamic content would seriously improve most of the internet....)