[Discuss] comcast wifi question
Edward Ned Harvey (blu)
blu at nedharvey.com
Thu Nov 6 18:54:30 EST 2014
> From: Bill Ricker [mailto:bill.n1vux at gmail.com]
>
> tl;dr - Google HTTPS *is* safe from MITM but *only* with Chrome so
> far. Rest of HTTPS not as much.
I'm not following you here.
> If the hacker with control of the WiFi AP is working for an
> organization with control of any of the many Root CA certs built into
Careful there. While it's true that anybody can successfully perform MITM who has control of a root CA that's trusted by your browser, *and* it's been known to occur in reality sometimes, it is somewhat rare and unusual. Default root CA lists in modern OSes and browsers don't include China Post, or whatever you said, and other such sketchy CA's.
More information about the Discuss
mailing list