Y
Hacker News
new
|
ask
|
show
|
jobs
by
hrasyid
4262 days ago
Don't browsers typically verify the identity of a HTTPS page and warn you if something is not right?
1 comments
sp332
4262 days ago
Right, but in this case your browser never sees the page over HTTPS. The attacker makes the secure connection, and feeds you data over an insecure connection that they can see.
You <-(HTTP)-> Attacker <-(HTTPS)-> Facbook
link