But hey! The extension-files are X509-signed and served over HTTPS with a green ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

josteink on April 20, 2018 | parent | context | favorite | on: Fake ad blockers in Chrome Web Store

But hey! The extension-files are X509-signed and served over HTTPS with a green location-bar from a known good domain so we all know it’s secure, right?

Oh wait. I guess forcing everyone to use HTTPS and signing everywhere means HTTPS and signing can no longer be used to distinguish serious actors from even plain malware-vendors.

Thanks Google.

tremon on April 20, 2018 [–]

It could never be used for that purpose. It only allowed you to easily distinghuish between amateur malware and slightly-serious malware.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact