> I will find or compromise a shady certificate authority and get my own certificate for your domain name
Woah there, I don't think this is a realistic expectation of an attacker.
However, the author is right in that it is much easier to attack the endpoints. Users install every piece of software on the planet, and the Firefox/Chrome user storage directory is in clear access for all programs. There are also many remote code execution vulnerabilities in the wild that could be used to query a database server or steal keys.
I thought the same. I think at this point we've graduated from "there's already a Metasploit / other open source code for it" to "it's probably possible, if you are fairly determined but not necessarily the NSA". There are probably a few CAs with lax security procedures, just given how many there are... but hacking one is a much bigger endeavor than SSL stripping.