Reply to post:

Hacked in a public space? Thanks, HTTPS

LDS Silver badge

sslstrip downgrades the connection, but also tries to give enough fake visual feedback to make the user believe the connection is secure. If you're skilled and cautious enough, you may catch it.

If the attacker is able to feed you a fake certificate it could be a little more difficult if you don't check the certificate and its chain. Extended validations one may be a little better, but it all comes down to trust the allowed CAs...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019