
Insecure web still too prevalent: Boffins unveil HSTS wall of shame

Anonymous Coward Silver badge

HTTPS isn't just about hiding the content. It's also about proving that the content is intact, as it left the source server, and that the source server is who they claim to be.

That URL shortener, for example: if someone MITMs that, they can make any shortened URL redirect to a site of their choosing. That opens the door to all manner of phishing attacks. (URL shorteners are a ludicrous blight anyway, but that's off-topic.)

At a bare minimum level, a MITM could change the advertising token so that the site's authors no longer receive the credit for that advertising, but the attacker does instead...
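The integrity point in the comment above can be checked from the defender's side by auditing a recorded redirect chain for hops that carry no transport integrity. This is an added example, not part of the original comment; the hosts, the `aff` parameter and the sample chain are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample: each hop is (requested URL, status, response headers).
# Hosts are placeholders under example.test / example.com, not real services.
SAMPLE_CHAIN = [
    ("http://sho.example.test/aB3x", 301,
     {"Location": "https://sho.example.test/aB3x"}),
    ("https://sho.example.test/aB3x", 302,
     {"Location": "http://shop.example.com/item?id=7&aff=SITE123"}),
    ("http://shop.example.com/item?id=7&aff=SITE123", 301,
     {"Location": "https://shop.example.com/item?id=7&aff=SITE123"}),
    ("https://shop.example.com/item?id=7&aff=SITE123", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if absent or malformed."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return None
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isascii() and arg.isdigit() else None
    return None

def audit_chain(chain):
    """Flag every hop whose response lacks integrity or a usable HSTS policy."""
    findings = []
    for url, _status, headers in chain:
        parts = urlsplit(url)
        if parts.scheme == "http":
            # No integrity or server authentication on this hop: the Location
            # header and query parameters (such as an affiliate token) can be
            # altered in transit. HSTS sent over plain HTTP is ignored anyway.
            findings.append((parts.hostname, "plaintext-hop"))
        elif parts.scheme == "https":
            # Missing, malformed or max-age=0 means no policy is stored, so
            # the next visit to this host may start over plain HTTP again.
            if not hsts_max_age(headers):
                findings.append((parts.hostname, "https-without-hsts"))
    return findings

if __name__ == "__main__":
    for host, issue in audit_chain(SAMPLE_CHAIN):
        print(f"{host}: {issue}")
```

Each `plaintext-hop` finding marks a response that arrives without proof of origin or integrity; `https-without-hsts` marks a host that will not pin later visits to HTTPS.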


Biting the hand that feeds IT © 1998–2019