Hacker Newsnew | comments | show | ask | jobs | submitlogin

This is one of the many reasons to use an extension that forces SSL on every website that supports it.

It's possible to MITM SSL, but it would throw all kinds of security warnings on the client and prevent this kind of tampering.

Note: I'd recommend SSH tunneling, or using a VPN, but there's quite a bit more work involved here, so for the install-and-forget crowd, SSL is already a huge improvement.




relevant:

https://www.eff.org/https-everywhere

-----


Also: https://code.google.com/p/https-finder/

HTTPS Finder automatically detects and enforces valid HTTPS connections as you browse, as well as automating the rule creation process for HTTPS-Everywhere

-----




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: