Hacker News new | ask | show | jobs
by raxxorraxor 640 days ago
Ironically because MITM attacks for corporate security are that common, a lot of developer tools are configured to just ignore TLS checks instead of importing the correct root certificate.

In case of an unsecured WiFi connection this is of course much more dangerous even.
1 comments
Appsmith 640 days ago
Wow! Didn’t know this!

I would’ve thought they would let devs handle it because if anything they’re more capable of these kinds of things (not counting myself ofc :-))

link
globular-toast 637 days ago
There are whole swathes of developers these days who don't even know what a network stack is, much less understand how HTTPS works. I expect these people were gumming up the bug trackers so they dumbed down the dev tools.

Fwiw, though, when I used Python behind a corporate proxy some 5-6 years ago nothing was configured to ignore the HTTPS warnings.

link
solardev 640 days ago
I think developers are especially at risk, because we all think we know the risks and can manage them better... yeah, right lol.

It's like how doctors and nurses are notoriously bad at getting their own health checkups. They're experts, they know better!

Pfft. How many of us actually spend time (and have the knowledge for) auditing the security of our OS, cert chains, HTTPS setup, etc.? I've seen experienced senior devs share private keys over Slack for the whole team to reuse, manually disable HTTPS checks with a comment like "too much trouble", etc. It's pretty scary.

link
rerdavies 637 days ago
I was amused by a prompt I received from Android Studio, requesting permissions to turn off anti-virus scanning for development directories. Which, of course, speeds up compile time dramatically (4 or 5x faster? A seriously non-trivial amount). Development directories, and SDK directories (including SDK binaries).

No more anti-virus protection for the directories that you as a developer should be most concerned about. What could possibly go wrong?

I'd be more concerned if I hadn't already done that, I suppose. Because compiles run so much faster when you do. But I was amused, nonetheless. :-/

link
Appsmith 640 days ago
That does sound very familiar!
link