[Cryptography] How to convince web site to use HTTPS ?
John Levine
johnl at iecc.com
Sat Aug 3 22:11:43 EDT 2019
In article <6f6c0ae7d40dc2c08dd56b37eac7016d.squirrel at clueserver.org> you write:
>> Obviously: set up a wifi hotspot with a MITM and demonstrate to them how
>> easy it is to intercept login credentials. Start your patter with,
>> Imagine youre in an airport or a hotel
"
>
>Insert ads. Modify pictures. Change the name of the CEO to "Dave Null".
>Insert autoplay sounds with fingernails on a chalkboard.
This is overclever. I expect that the response of the people who
don't want to use https would be that we're a tiny little site,
nobody's going to all that effort just to hack us. And they would be
right.
I think the point that many browsers say NOT SECURE and are planning
to say worse is likely to be more persuasive. I also agree with the
comment that he should figure out what the problem really is, wrong
assumptions about cost (a remarkable number of people still believe
that SSL certs cost $100), somnolent web developers, or whatever.
R's,
John
More information about the cryptography
mailing list