The thing is: People were conditioned for years to look for the padlock, because padlock means secure.
How will we ever get this out of their minds..

Jan

SMTP: j...@philippi.pw
XMPP: j...@himbeere.pw
GPG: 45F3 2DF0 4D55 C4B4 2083 14C5 5727 D54F *E4E2 2A3C*

On 02.10.19 at 11:45, Valdis Klētnieks wrote:
> On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said:
>
>> It is a common fallacy that TLS connections are authenticated. The vast
>> majority of them are not authenticated in any meaningful fashion and all that
>> can be said about TLS is that it provides an encrypted connection between the
>> two communicating applications. This is perhaps why it is called *transport*
>> layer security ...
>
> Another major disconnect is that TLS validates the hostname that the browser
> decided to connect to, not the host you thought you were connecting to..
>
> The end result is that if a phish directs you to nan0g.org, it can still show a
> padlock and the user is none the wiser....
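
The point made in the quoted exchange is that a certificate issued for nan0g.org validates correctly for nan0g.org, so the padlock says nothing about whether that is the name the user meant. As an added example (not part of the original thread), here is a defender-side check that flags hostnames resembling a trusted domain; the trusted list, the substitution table and the sample names are assumptions constructed for illustration.

```python
# Added example: defender-side lookalike check on registrable domain names.
# TRUSTED, CONFUSABLE and the sample hostnames are constructed for illustration.
TRUSTED = {"nanog.org"}  # assumption: domains your users really mean to visit

# Strings commonly substituted for a similar-looking one (small sample, not exhaustive).
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(host: str) -> str:
    """Fold visually confusable characters so look-alikes collapse together."""
    s = host.lower().rstrip(".")
    for fake, real in CONFUSABLE.items():
        s = s.replace(fake, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unrelated'."""
    h = host.lower().rstrip(".")
    if h in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # Same skeleton (character swap) or one typo away from a trusted name.
        if skeleton(h) == skeleton(good) or edit_distance(h, good) <= 1:
            return f"lookalike:{good}"
    return "unrelated"


if __name__ == "__main__":
    for name in ["nanog.org", "nan0g.org", "nannog.org", "example.net"]:
        print(name, "->", classify(name))
```

A check like this belongs in mail filtering, proxy logs or certificate transparency monitoring, where it can act on the name before the user ever sees a padlock.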