
95% of HTTPS servers vulnerable to trivial MITM attacks - antouank
http://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
======
jgalt212
You still need to get in the middle.

~~~
ucho
Acting as "Evil twin" for hotspots in public places seems to be feasible. I
understand why people aren't using cert pinning, that can completely break
site, are there any practical reasons not to use HSTS?

