Ask HN: How common or plausible are TLS MITM attacks?
In building a financial app, I've been thinking constantly about security. Ultimately everything comes back to TLS. If that's able to be compromised, there's almost no way I can think of to stay secure. How common or realistic is it to assume this could ever happen to my application?
10 comments
[ 3.8 ms ] story [ 29.6 ms ] threadThe better approach is to assume your app will get MITMed and reduce how much damage the attacker can do.
Implementation errors in your code, cert mis-issuance, errors in the underlying TLS implementation (certificate parsing and validation errors are quite common) and device compromise are all things to think about.
It might be useful to think about what is your responsibility versus the device vendor's responsibility versus the user's responsibility.