(www.kroah.com)

103 points voxadam | 1 comments | 09 Dec 25 22:47 UTC | HN request time: 0.001s | source

Show context

loph[dead post] ◴[09 Dec 25 23:13 UTC] No.46212018[source]▶

[flagged]

landr0id ◴[09 Dec 25 23:20 UTC] No.46212080[source]▶

>>46212018 #

I'm surprised Firefox didn't warn me when I went to the page. Hostile teleco/MITM waiting for HTTP traffic are a real-world way that nation states deliver exploits.

replies(3): >>46212510 #>>46213091 #>>46213103 #

vpShane ◴[10 Dec 25 00:18 UTC] No.46212510[source]▶

>>46212080 #

It did for Librewolf -- what I moved to from Firefox. Self-Signed certs I'm down with, http I'm not, and never will be for any reason. Plain-text data transmissions have no acceptable reasoning.

replies(2): >>46212607 #>>46213243 #

schmuckonwheels ◴[10 Dec 25 00:33 UTC] No.46212607[source]▶

>>46212510 #

You do realize self-signed certs are useless, could have been tampered with, and could have just as easily been created by a malicious actor?

There's a reason most default self signed certs are called "snake oil".

replies(2): >>46213117 #>>46220789 #

1. gldrk ◴[10 Dec 25 01:49 UTC] No.46213117[source]▶

>>46212607 #

You can pre-share the certificate out of band, or set up your browser to TOFU like SSH does. Then they are not useless and may be superior to PKI for certain threat models.

↑

Linux CVEs, more than you ever wanted to know