This is important, because the discussion around HTTPS tends to train users into thinking that HTTPS = Web Security.
I totally agree that it's important, and I understand the attack vectors. But what about your outdated WordPress/Joomla installation? What about your default password on your admin site? Those I think are more serious issues, but of course harder to tackle.
To exploit a MiTM you need to be on the same network; this could be achieved through your local cafe's WiFi or by compromising an internal system of a local network. Not a trivial task, I would say. If you manage to pull it off, the impact is contained to that local network.
If you compromise the insecure site directly, you can have a much wider audience, and HTTPS won't help you in this scenario.
from Hacker News - New Comments: "WordPress" https://ift.tt/2wn42cX