Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

True..

The sad thing is that with many kinds of cybercrime, it's easier to fix the security vulnerability, than it is to track down the criminals and make them stop :)

In this case, the vulnerability is using HTTP, not HTTPS.



Still, if we do not take care of bad actors, bad actors are what we get (and probably what we deserve).

Edit: Also, what stops those ISPs from impersonating the requested host by means of their own root certificate, just like antivirus software does it?


Then my browser would throw a certificate warning unless I added my ISPs root cert.


As pointed out by another comment already, "you" maybe as well the ISP's installer software.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: