undefined | Better HN

0 pointsbrian-armstrong10d ago0 comments

Why would you ever accept a mismatched certificate? Even assuming that you think your ISP has no nefarious plans, are you going to be able to rigorously confirm it's their certificate? At that point you've bypassed all the mechanisms in your browser that do this heavy lifting for you.

0 comments

lukan10d ago

Erm, where is the danger in a mismatched certificate, if all I want is to get some noncritical information from a blog or something?

eggprices9d ago

Local privilege escalation in your browser is a danger. They can also abuse any privileges you gave to the website, such as camera and microphone.

lukan9d ago

Why would I give a "random blog" access to my camera or microphon?

And how can a wrong certificate lead to local privilege escalation?

embedding-shape10d ago

Why wouldn't you? Your computer is not gonna be hijacked by it, and you want to see what shit your ISP is now up to.

Obviously I don't do my banking like that...

j / k navigate · click thread line to collapse