Oh look, we’ve found a security ‘researcher’. Mad that your job only consists of making other people’s job harder?
Try the DMV, that’s also a great place to work where you can inflict misery on others.
Valuable zero days aren’t exposed. They’re sold. If someone wants your data they will get it. HTTPS means nothing except huge amounts of wasted CPU cycles and energy.
I don’t think there is any vulnerability in https. There are know limitations but https itself is fine. If you are talking about TLS vulnerabilities then we have much more to worry about. To compromise the content on a page someone would have to brute force TLS very fast which isn’t feasible with today’s computer. Today’s computer would take at least a few million years. But I have scene estimates that say long past the heat death of the universe.
Even if https was full of holes it still would be better than http. Http has zero tamper protections or encryption. Companies like AT&T used to tamper with traffic to various purposes and it was feasible for them to do so.
HTTPS isn’t only about encryption; it’s about talking to the right servers.
Great for my banking website.
Not at all important my my IOT sensor network.
Not EVERYTHING needs to be HTTPS
Don’t use HTTPS on your IOT sensor network then.
Yes, everything needs to be https. https prevents tapering with traffic.
You think your data is secure with HTTPS? There’s always an undisclosed vulnerability somewhere.
Patches solve specific issues but they do nothing for overall security.
Stop spreading bullshit!
Oh look, we’ve found a security ‘researcher’. Mad that your job only consists of making other people’s job harder?
Try the DMV, that’s also a great place to work where you can inflict misery on others.
Valuable zero days aren’t exposed. They’re sold. If someone wants your data they will get it. HTTPS means nothing except huge amounts of wasted CPU cycles and energy.
I don’t think there is any vulnerability in https. There are know limitations but https itself is fine. If you are talking about TLS vulnerabilities then we have much more to worry about. To compromise the content on a page someone would have to brute force TLS very fast which isn’t feasible with today’s computer. Today’s computer would take at least a few million years. But I have scene estimates that say long past the heat death of the universe.
Even if https was full of holes it still would be better than http. Http has zero tamper protections or encryption. Companies like AT&T used to tamper with traffic to various purposes and it was feasible for them to do so.
And these days we’re on v1.3 - https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/
Notice anything? There’s always a flaw. The general public hasn’t discovered it in TLS1.3…yet
And again, Banking websites, some stuff makes a lot of sense to use encryption.
Just not everywhere.
Nobody is forcing you to use HTTPS man
Move the goalposts some more. I never said forced.