Securing HTTPS From the Inside Out: Preventing Client-Side Interception Attacks

Overview

HTTPS is the most common mechanism used to protect client-server communication on the internet. Most teams focus on SSL/TLS and server-side hardening — and for good reason — but security is layered: the system is only as strong as its weakest link. This article focuses on a specific class of HTTPS man-in-the-middle (MITM) attacks that is not widely discussed. The aim is to harden one of the weaker links in many deployments.

If you believe it’s perfectly safe to use a banking site over HTTPS on a device that isn’t yours (a friend’s laptop, an office machine), please read on.

This article has been indexed from DZone Security Zone
