Originally posted by ed31337
View Post
Following Many Patches, Linux 5.9 Finally Switching To HTTPS Links En Masse
Collapse
X
-
Guest replied
-
-
Originally posted by sbivol View PostIt does, but the redirect to HTTPS happens after your cookies were sent, which means someone could have sniffed your authentication token and reused it to impersonate you.
Even without cookies, a man-in-the-middle can alter the redirect itself to make you visit an unexpected website. Like http://example.com redirecting toCode:https://exemple.com
Leave a comment:
-
-
Originally posted by macemoneta View PostWouldn't the HTTP documentation links be redirecting to HTTPS pretty much everywhere now anyway?
Even without cookies, a man-in-the-middle can alter the redirect itself to make you visit an unexpected website. Like http://example.com redirecting toCode:https://exemple.com
Last edited by tildearrow; 26 July 2020, 07:02 PM.
Leave a comment:
-
-
Looks like Alexander Klimov from Russia
It is common for Russian ISP to modify traffic and replace or add own ads.
Currently they usually don't touch https traffic.
Leave a comment:
-
-
Wouldn't the HTTP documentation links be redirecting to HTTPS pretty much everywhere now anyway?
Leave a comment:
-
-
Originally posted by sbivol View PostYou're confusing a forward proxy with a reverse proxy. Cloudflare is a reverse proxy so it is the website owner who needs to configure the proxy, not the visitor. If anything, proxying through Cloudflare / Sucuri usually improves the security of a connection.
Leave a comment:
-
-
Originally posted by ed31337 View PostHTTPS feels like a sham... It breaks traditional caching proxy servers like Squid,
Originally posted by ed31337 View Postyet somehow Cloudflare seems to be able to serve cached data for many sites, even using HTTPS... We're all being MITM attacked?
Leave a comment:
-
-
HTTPS feels like a sham... It breaks traditional caching proxy servers like Squid, yet somehow Cloudflare seems to be able to serve cached data for many sites, even using HTTPS... We're all being MITM attacked?
Leave a comment:
-
-
Following Many Patches, Linux 5.9 Finally Switching To HTTPS Links En Masse
Phoronix: Following Many Patches, Linux 5.9 Finally Switching To HTTPS Links En Masse
On the mailing lists and browsing various Git "-next" repositories it's felt like "damn, there are a lot of patches about replacing HTTP links with HTTPS all of a sudden" inside the kernel sources and documentation. Indeed, for Linux 5.9 where applicable HTTP links are being replaced for HTTPS...
Tags: None
-
Leave a comment: