Hacker News

I'd almost prefer to be on http knowing I was insecure than be on https and wrongly believing I was secure.



Well, I don't really trust random certs even when they're signed by a respected CA -- but I still prefer using HTTPS. Even if the cert is fraudulent, HTTPS is still encrypting stuff and will protect me from other random attackers.

Security is never a binary secure/insecure proposition. There are shades of gray. The key is to use what security you can, but never think "I'm secure now".

As an old mentor once told me: the moment that you think you're secure is the moment that you're at the greatest risk, but you should still lock your door.


They teach that adage in business school too. That when you think you have full control of an organization is when you have the least control.



