Because it makes it a little easier to script forging an HTTPS cert. People here think that is easy, but it isn't. It involves real humans and real bullshit interfaces. If you get nailed with using a fake credit card its easy for any government to figure out that you also pwnd a website, but people here think in all-or-nothing terms for almost everything.
I've worked on multiple projects with credit card fraud. I've helped the Canadian government with both cybercrime and machine learning. When I say 98% of criminals are dumb, I really fucking mean it. Not everyone is USG. Most governments are worse-resourced than your run-of-the-mill startup. But people don't want to hear that scriptable HTTPS has downsides and people that are in positions that come with social cache rarely listen. They end up becoming the next generation of people with blinders on. I helped with projects that threw over a dozen people in jail. We got them on two things: IP addresses and financial transactions. Let's Encrypt takes away one possible way we could have gotten them. But people on HN are so deluded about what actual crime looks like.
You know how the vast majority of programmers are these dumb PHP coders that cobble together a Wordpress site? Crime is the same thing only worse. They have no fucking clue what they're doing. They bruteforce passwords and use exploits that target long-out-of-day vulns.
from Hacker News - New Comments: "WordPress" http://bit.ly/2M7wZ3c
via IFTTT
No comments:
Post a Comment