5 comments

[ 4.0 ms ] story [ 37.2 ms ] thread
And?
Imagine if an attacker own htt.ps

Now image if the attacker creates a website at 'htt.ps//www.google.com' that resembles google. It has the lock icon. It says 'htt.ps'. I can definitely see this being a problem. People are going to fall for it. Firefox still shows the 'https' before the URL but Chrome does not. People are used to it being both ways.