In this newsletter, we'll cover the following topics:
Reliability of HTTPS
The CRON Cheatsheet
Understanding REST API
ISO standards applied to smart cards

Is HTTPS safe?
If HTTPS is safe, how can tools like Fiddler capture network packets sent via HTTPS?
This post is misleading. HTTPS is really safe. This scenario in the blog can happen only for a self-signed certificate. The role of the Certificate Authority (CA) is to avoid what the blog mentioned.
How would the request be maliciously routed to an intermediate server in practice? Would it need malware installed? Thanks as ever - love these quick grabs arriving in my inbox :)
Your prerequisite to showing how HTTPS is unsafe is that you’ve already agreed to give your information to the third party.
The answer to the question, is HTTPS safe?, is yes.
This section is misleading at best. The caveats are only: CA hacks (very unlikely) or access to your machine to install certificates.
I mean this is how most corporate proxies work.... allowing the company to view all traffic sent over the network.
HSTS further improves HTTPS. There is no perfect security in the world; in the end, if we need to transact, we need trust.
How does the intermediate server get the private key?
DNS server hijacking and DoS/DDoS can be used to hack and act as an intermediate server.