zlacker

[parent] [thread] 3 comments
1. Square+(OP)[view] [source] 2020-11-29 00:25:31
Of course it does. Otherwise intermediaries can inject ads, tracking, spoof the content, or even redirect it to a malicious page.
replies(1): >>teknop+m2
2. teknop+m2[view] [source] 2020-11-29 00:54:07
>>Square+(OP)
https does not 100% prevent any of those things.
replies(1): >>charro+S4
◧◩
3. charro+S4[view] [source] [discussion] 2020-11-29 01:21:11
>>teknop+m2
How can someone spoof the page/inject ads if the site is served over https?

They would need to have compromised one of the root certificates on your machine to not give you a giant security warning.

In modern browsers there’s not even a button to bypass them (although I know I chrome you can type “this is unsafe” to a hidden input in the error page and it will let you bypass it temporarily).

replies(1): >>teknop+AZ3
◧◩◪
4. teknop+AZ3[view] [source] [discussion] 2020-11-30 18:32:36
>>charro+S4
MITM - https termination at a gateway or proxy.
[go to top]