Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
skrebbel
on May 13, 2020
|
parent
|
context
|
favorite
| on:
The modern HTTPS world has no place for old web se...
I don't understand, anyone who can MITM can also sniff, right?
kop316
on May 13, 2020
|
next
[–]
Yes they can. They simply decrypt, and reencrypt with their own self signed cert. If you have no way to verify the self-signed cert, you would never know.
naniwaduni
on May 14, 2020
|
prev
|
next
[–]
An adversary with MitM capability needs to commit to being detectable in order to read encrypted traffic.
dtech
on May 16, 2020
|
prev
[–]
but not everyone who can sniff can MITM, encryption always prevents sniffing
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
