http subversion URLs should be discontinued in favor of https URLs
Dewayne Geraghty
dewayne.geraghty at heuristicsystems.com.au
Tue Dec 5 21:56:54 UTC 2017
On 6/12/2017 8:13 AM, Yuri wrote:
> On 12/05/17 13:04, Eugene Grosbein wrote:
>> It is an illusion that https is more secure than unencrypted http in a
>> sense of MITM just because of encryption, it is not.
>
>
> It *is* more secure. In order to break it, you have to have
> compromised https authorities. Some state actors have plausibly done
> this. http, on the contrary, can be altered by anybody who has access
> to the wire, which is generally a much wider set.
>
>
> Yuri
Yuri,
It can be illusory. My last job was as Sec Mgr for a large bank. They
disabled cert checking on client devices, placed a wildcard cert at the
internet boundary and captured all https unencrypted. An alternative
approach to advocate is dnssec. :)
You also need to ensure integrity, to ensure that the numbers are
flipped in transit... ;)