| ▲ | embedding-shape 6 hours ago |
| > No notification What ISP? I'm using Vodafone and if I accept the insecure connection (because of mismatched certificate), I get served the notification. You don't get that? |
|
| ▲ | brian-armstrong 5 hours ago | parent | next [-] |
| Why would you ever accept a mismatched certificate? Even assuming that you think your ISP has no nefarious plans, are you going to be able to rigorously confirm it's their certificate? At that point you've bypassed all the mechanisms in your browser that do this heavy lifting for you. |
| |
| ▲ | lukan 3 hours ago | parent | next [-] | | Erm, where is the danger in a mismatched certificate, if all I want is to get some noncritical information from a blog or something? | |
| ▲ | embedding-shape 5 hours ago | parent | prev [-] | | Why wouldn't you? Your computer is not gonna be hijacked by it, and you want to see what shit your ISP is now up to. Obviously I don't do my banking like that... |
|
|
| ▲ | tomnipotent 6 hours ago | parent | prev [-] |
| Presumes you're using the ISP's DNS and not custom servers or DoH. |
| |
| ▲ | embedding-shape 6 hours ago | parent [-] | | Bit hard to get notified by the ISP if you effectively try to side-step the way they notify you, don't you think? Also bit weird to blame them for that. If I recall correctly, if you try to access the IP directly you get the same notification. No football game on right now though so cannot check. Edit: In fact, I'm not sure they do DNS filtering at all actually, it may be just based on IP, can't remember off-hand, considering the collateral damage, I'd say IP blocks mainly. | | |
| ▲ | mzajc 5 hours ago | parent | next [-] | | ISPs have your contact information, and they can also put up notices on their own website. Hijacking somebody else's website with forged replies isn't "the way they notify you," it's a man-in-the-middle attack, and users shouldn't be trained or encouraged to accept it. | | |
| ▲ | embedding-shape 4 hours ago | parent [-] | | > ISPs have your contact information, and they can also put up notices on their own website. So whenever you see "Connection Refused" your instinct is to go to your ISPs website? I also don't think it's "hijacking someone's website", then it'd be global, instead it is a man-in-the-middle attack, serving different traffic than the user intended. |
| |
| ▲ | devmor 5 hours ago | parent | prev | next [-] | | Hijacking secured connections to inject a payload that doesn’t actually come from the source is not a legitimate form of notification - it’s a malicious infrastructure attack. | |
| ▲ | 6 hours ago | parent | prev [-] | | [deleted] |
|
|
