undefined | Better HN

0 pointslawnchair_larry5y ago0 comments

This is silly to use as a blanket statement. There is nothing harmful about hosting a website. Especially personal sites, internal sites, or small businesses who use it as little more than a brochure that serves static content. My roof repair guy is not harming anyone by posting his information on a basic website.

0 comments

staticassertion5y ago

What if I visit your roof repair guy's site and content is injected, informing me that they now take payments online? Or that I can download their special Roof Repair App to manage my bookings? Or it contains an exploit payload?

It is extremely uncommon for me to actually visit an HTTP website - I even have HTTPSEverywhere block them by default, so I'd know if I were. That means that I am relatively protected to such avenues until I visit your roof repair guy's website.

DenisM5y ago

If I was the bad actor I would simply purchase google ads in the name of the target business sending traffic to my own site with wonderful green padlock - it's cheaper and has bigger reach than trying to hijack TCP/IP traffic.

More to the point - if I am running a collection of Karl Marx works it is highly unlikely that he would request payments.

staticassertion5y ago

You're describing a completely different attack vector, which is the entire point - to push attackers to different attacks. if we eliminate HTTP, we can focus more effort on the attacks you're describing.

Regardless of the content, hijacking is a danger to users.

1 more reply

j / k navigate · click thread line to collapse

0 pointslawnchair_larry5y ago0 comments

0 comments

staticassertion5y ago

DenisM5y ago

More to the point - if I am running a collection of Karl Marx works it is highly unlikely that he would request payments.

staticassertion5y ago

Regardless of the content, hijacking is a danger to users.

1 more reply

j / k navigate · click thread line to collapse