Y
Hacker News
new
|
ask
|
show
|
jobs
by
entropyie
899 days ago
If the first request is plaintext, the request can be intercepted before you ever get the redirect, inserting a trojanised login page instead.