Except that doesn't work if the form posts to a HTTPS URL. You'd have to impleme... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mvermaat on Jan 16, 2012 \| parent \| context \| favorite \| on: Login to your Google account by scanning a QR code Except that doesn't work if the form posts to a HTTPS URL. You'd have to implement something at the browser level, e.g. installing a modified browser or a browser extension.

jasonmc on Jan 16, 2012 [–]

It is possible to perform a MITM attack on HTTPS when you can install any certificates you want in the web browser.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact