Quote:
Originally Posted by Barry-xlovecam
Tell that to people that operate over 1000 domain networks.
That's mostly a crock of shit ... HTTPS (TLS) just encrypts data -- it doesn't change or filter data -- just encrypts the data from the browser to the server and back to the browser from the server. If an embedded iframe with an exploit is on a HTTPS server it will not raise an HTTPS exception -- both servers are HTTPS and a registered HTTPS Cert exists within a browser recognized issuing repository.
So, the "villains" fake register their domains and get their certs (for free!!!) YEAH! we are safe - LMFAO.
Will these free certs be *.wildcard certs or domain specific? All sub domains (including mail, ftp, www) are considered separate domains for HTTPS certs, unless the are wildcarded and each certificate has to be installed on the server. The certs need to be re-installed on upgraded (not updated) server os installs.
Also, the NSA has reportedly broken HTTPS encryption
NSA-Documents: Attacks on VPN, SSL, TLS, SSH, Tor - SPIEGEL ONLINE
This whole HTTPS thing is a Google scam and maybe a NSA trap ... |
All true, if it wasn't then the current tread in malware to target https would not even be possible.
As for the NSA, also true, They also have their hands on a new quantum computer that in a few years in theory would be able to unlock just about anything...