by brian-armstrong 42 days ago
Why would you ever accept a mismatched certificate? Even assuming that you think your ISP has no nefarious plans, are you going to be able to rigorously confirm it's their certificate? At that point you've bypassed all the mechanisms in your browser that do this heavy lifting for you.
2 comments

Erm, where is the danger in a mismatched certificate, if all I want is to get some noncritical information from a blog or something?
Local privilege escalation in your browser is a danger. They can also abuse any privileges you gave to the website, such as camera and microphone.
Why would I give a "random blog" access to my camera or microphone?

And how can a wrong certificate lead to local privilege escalation?

Why wouldn't you? Your computer is not gonna be hijacked by it, and you want to see what shit your ISP is now up to.

Obviously I don't do my banking like that...