
Yeah, because MITMing the origin page to submit to evil.example.org is trivial.



In such a case one would expect the evil page to present something that looked like a credit card input to the user, but not to the browser. Sites would still want to use HSTS to combat the MITMing itself.


Nope, too risky. Just redirect to an evil HTTPS page, and do all your phishing there - look, it's got the green lock and everything >;-)



