I think normal users would click through SSL errors for expired/invalid certs, so an SSL MITM could be possible. Some sites don't pin certs and users re-use passwords. Yes, VPNs can be MITMd, but users face less VPN error fatigue. When did we stop believing in defense in depth?
That's more than unrealistic, that's just plain impossible.... come on 
-
-
That's fair, and I'll definitely concede that point. I do think for corporate users it's maybe reasonable, but outside of that the only folks using reliable servers are probably smart enough not to stay on TLS sites and not ignore cert errors in potentially hostile environments.
-
LMFAO, you are some of the most important and technically gifted hackers... and get involved in the same dumb discussions about how to protect end users as the rest of the members of the community. Just pointing out that... you guys are still awesome.