undefined | Better HN

0 pointsfoobiekr1y ago0 comments

The bigger issue is that a malicious interceptor could inject javascript. The site may not use javascript, but the users almost certainly have it turned on, and accessing a non-https site means that any man in the middle can inject malicious javascript.

HTTPS is about protecting the client.

0 comments

Thorrez1y ago

E.g. China's great firewall sometimes inserts malicious Javascript that causes the client to launch a DDoS attack against Github or other sites China doesn't like.

https://en.wikipedia.org/wiki/Great_Cannon

j / k navigate · click thread line to collapse

0 pointsfoobiekr1y ago0 comments

HTTPS is about protecting the client.

0 comments

Thorrez1y ago

E.g. China's great firewall sometimes inserts malicious Javascript that causes the client to launch a DDoS attack against Github or other sites China doesn't like.

https://en.wikipedia.org/wiki/Great_Cannon

j / k navigate · click thread line to collapse