Reply to post: Re: a couple of misleading statements in the article

Hacked in a public space? Thanks, HTTPS

Anonymous Coward
Anonymous Coward

Re: a couple of misleading statements in the article

> HTTPS validates the website identity, not the client identity

Good summary. Just to point out that HTTPS can actually validate both. This is used in some European countries to provide services to citizens (the browser uses a certificate either in its certificate store or in a smart card), and in many companies to authenticate users.

Still, it's not common, nor necessarily desirable, for the web at large, and since this "exploit" is well past its best-before date ... this is just another shot by this so-called "security researcher" to get himself some headlines. In reality the guy is frankly useless.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019