Abuse Melding

Je hebt een klacht over de onderstaande posting:

14-06-2018, 00:35 door Anoniem

Er bestaat toch "https Everywhere"? Waarom wordt daar in dit kader niets over gezegd? En ik ben niet te spreken over de ontkennende en negerende reactie van Bitwiper over de kwestie dat https (zonder hsts informatie in de browser over die site) gewoon kan worden omgeleid net als iedere https-verbinding die men start. https://www.owasp.org/index.php/Man-in-the-middle_attack: The MITM attack could also be done over an https connection by using the same technique; the only difference consists in the establishment of two independent SSL sessions, one over each TCP connection. The browser sets a SSL connection with the attacker, and the attacker establishes another SSL connection with the web server. In general the browser warns the user that the digital certificate used is not valid, but the user may ignore the warning because he doesn’t understand the threat. In some specific contexts it’s possible that the warning doesn’t appear, as for example, when the Server certificate is compromised by the ...

Beschrijf je klacht (Optioneel):

captcha