Hacker News new | past | comments | ask | show | jobs | submit login

Say you try logging into your gmail. Couldn't they spoof the DNS and point you to a "proxy" that skims your credentials?



HTTPS is an entirely different story, I don't know that people would necessarily like installs like "curl https://my.script.ly | sh", but there's at least a mechanism to verify the identity of the source.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: