zlacker

1. fastba+(OP) 2020-11-28 21:16:29
No HTTPS tho.
replies(1): >>teknop+Ah
2. teknop+Ah 2020-11-29 00:05:10
>>fastba+(OP)
It doesn't need https.
replies(1): >>Square+kj
3. Square+kj 2020-11-29 00:25:31
>>teknop+Ah
Of course it does. Otherwise intermediaries can inject ads, tracking, spoof the content, or even redirect it to a malicious page.
replies(1): >>teknop+Gl
4. teknop+Gl 2020-11-29 00:54:07
>>Square+kj
https does not 100% prevent any of those things.
replies(1): >>charro+co
5. charro+co 2020-11-29 01:21:11
>>teknop+Gl
How can someone spoof the page/inject ads if the site is served over https?

They would need to have compromised one of the root certificates on your machine to not give you a giant security warning.

In modern browsers there’s not even a button to bypass them (although I know in Chrome you can type “this is unsafe” to a hidden input in the error page and it will let you bypass it temporarily).

replies(1): >>teknop+Ui4
6. teknop+Ui4 2020-11-30 18:32:36
>>charro+co
MITM - https termination at a gateway or proxy.