On Fri, Sep 18, 2015, at 08:53, Dag-Erling Smørgrav wrote:
> Daniel Feenberg <feenberg at nber.org> writes:
> > Is there a reason to encrypt something that is completely public?
>
> Watering hole attacks.

Watering hole attack describes the *site* being compromised because it's
popular and you know the target(s) will go there. HTTPS is irrelevant.

https://en.wikipedia.org/wiki/Watering_Hole

--
Mark Felder
ports-secteam member
feld at FreeBSD.org

Mark Felder <feld at FreeBSD.org> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Daniel Feenberg <feenberg at nber.org> writes:
> > > Is there a reason to encrypt something that is completely public?
> > Watering hole attacks.
> Watering hole attack describes the *site* being compromised because it's
> popular and you know the target(s) will go there. HTTPS is irrelevant.

...or a MITM attack on a site that is popular with your target
demographic. Then again, if you have the means to mount a MITM attack
you probably have the means to get a valid certificate.

DES
--
Dag-Erling Smørgrav - des at des.no