Reply to post:

Hacked in a public space? Thanks, HTTPS

Anonymous Coward

> I don't follow this. Surely if your traffic is being intercepted and redirected to HTTP you don't get the browser padlock?

Yes, that's true - but most people are fooled if you simply replace the site's favicon.ico with a padlock image. Plus, browsers don't give any negative security feedback simply because you are accessing a site over HTTP.

The original presentation is worth reading:

http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

Biting the hand that feeds IT © 1998–2019