My house is insecure. There's no alarm, so anyone could just smash a window and steal my TV. But replacing my TV costs a lot less than an alarm system, and the risk of being caught for theft is greater than the TV's value.
My landlord sent a handyman in while I was on vacation once, and the handyman didn't close the front door all the way (or try to lock it). My door was open for 3 days, visible from the street, and I don't live in the nice side of town. No one stole the TV, but my electric bill was high that month.
A MITM attack on a static site is definitely possible, maybe even easy, but I'm not going to worry about it unless I have something important to protect.
> A MITM attack on a static site is definitely possible, maybe even easy, but I'm not going to worry about it unless I have something important to protect.
HTTPS doesn't protect the content of your site from being stolen, it protects your users from hostile third-party content masquerading as yours.
>it protects your users from hostile third-party content masquerading as yours
Exactly. What does anyone lose if my anonymous untrusted blog does something untrustworthy for that one reader who has an infected router?
Should I encrypt messages I write on post cards, because I'm afraid a disgruntled postal worker will write "you suck" on the bottom? The worst case scenario here is temporary vandalism.
The same argument applies to littering. It's only going to harm strangers, and you're unlikely to get caught, so strictly from a cost-benefit perspective it seems like a good idea. But if everyone makes that "rational" decision then we all lose.
The problem is that as a community we want to move to where no traffic is unencrypted so the MITM don't have to be trusted. If your static site wants an exception then your static site is going to be where I get hit.
> HTTPS doesn't protect the content of your site from being stolen, it protects your users from hostile third-party content masquerading as yours.
Hostile third party content is only hostile because the client used to access the content does not take client security seriously.
Food for thought: As an end user consumer visiting random, benign websites, I want my browser to be protecting me against hostiles, rather than relying on website operators to do that for me. Just like I run antivirus on my machines instead of relying on everyone else to run it.
Just make it so that your browser doesn't render any http delivered content. Problem solved. From a client point of view that's the only protection you can do. A MITM over http is undetectable for you. With current OSes and hardware there is no sandboxing which will protect you under all circumstances.
If you do this, site providers are forced to switch to https anyway.
I guess one problem with risks on the web when compared to your house analogy is that automation can make all the difference there. For the specific MITM example automation might be less likely, but on computer networks, even very unlikely risks can get amplified by the fact that someone can just automate the exploitation.
If automated drones roamed the country looking for open doors to break into, people might be more worried about their home security. Fortunately, the physical world protects us from wide-scale exploitation.
My landlord sent a handyman in while I was on vacation once, and the handyman didn't close the front door all the way (or try to lock it). My door was open for 3 days, visible from the street, and I don't live in the nice side of town. No one stole the TV, but my electric bill was high that month.
A MITM attack on a static site is definitely possible, maybe even easy, but I'm not going to worry about it unless I have something important to protect.
reply