undefined | Better HN

0 pointssunaurus3y ago0 comments

Random examples of MITM attacks I could do on a read-only website:

* Inserting malicious JavaScript

* Changing content on trusted websites in order to mislead people

* Replacing downloadable application binaries with versions that contain malicious code

0 comments

Malicious JS can be served directly, e.g. via ad iframes. Injecting it into a low-stakes (read-only) site doesn't gain much, does it?

Points 2 and 3 are the same, they're about integrity which could be had cheaper with content-addressing (hashes uniquely identifying the content) rather than pulling in the full TLS+CA machinery.

j / k navigate · click thread line to collapse