undefined | Better HN

0 pointsTeMPOraL6y ago0 comments

"Insecure" is the new "is a witch". Too coarse to be used as a valid argument.

0 comments

Alright. It's not encrypted and not origin-verifiable then. I think we all knew that though... anyway it should be abundantly clear at this point that no one should be using protocols that can trivially be MITM'ed to access anything over the internet.

dieFledermaus6y ago

>...anyway it should be abundantly clear at this point that no one should be using protocols that can trivially be MITM'ed to access anything over the internet.

This is a specious argument because HTTP/HTTPS is regularly (and legally) MITM'ed[0, 1].

If we shouldn't use anything that can be MITM'ed, shouldn't we just shut down the internet? Wouldn't that stop MITM attacks permanently-like? What about phones? Or letters? Or even talking? Where does this scare-tactic of the MITM "boogey-man" end (for you)?

[0] - https://www.symantec.com/products/proxy-sg-and-advanced-secu...

[1] - https://www.occrp.org/en/daily/10431-kazakh-officials-delay-...

Someone12346y ago

Or involves the plain text transmission of passwords by design.

j / k navigate · click thread line to collapse