You'll note that later versions of Chrome protect against this via HTTP Strict Transport Security.
http://www.chromium.org/sts http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 Google includes their cert fingerprints (see kGoogleAcceptableCerts) in: http://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc?view=markup In chrome: chrome://net-internals/#hsts - semenko On Mon, Aug 29, 2011 at 5:38 PM, Ferenc Kovacs <[email protected]> wrote: > http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en > > any thoughts? > > -- > Ferenc Kovács > @Tyr43l - http://tyrael.hu > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
