Hacker News new | past | comments | ask | show | jobs | submit login

I know the warnings are in place for a reason, but why don't the affected people just bypass the warning. There is no reason to think that just because the date changed that Comcast's certificate is now compromised. If the certificate was issued with an expiry date of five years or more, I'd understand not taking the chance; especially considering how long Comcast is taking to review their certificate - if their certificate did become compromised their customers would likely never find out.



I would guess that 99% of users don't know the difference between expired, hacked, bad, or any number of things. They just see "ERROR" and stop dead.


99% of users say "stop bugging me, computer, I just want my site" and click on "ignore warning".


One problem with this is that it trains the user to ignore a security warning which might not be crying wolf next time.


Dude if somebody wants to create a man in the middle attack to see my Comcast contract, that's cool. Hell, just email me and I'll send you a copy. I think context matters. I don't think most people would ignore a cert warning if they were about to do something they deemed private.


I doubt it. Steve Gibson once related how he sold many copies of his software on his website, even when the website accidentally had an invalid certificate. His software is geared towards a tech-savvy audience. If tech-savvy people don't behave securely, why should we expect most people to?


>I know the warnings are in place for a reason, but why don't the affected people just bypass the warning.

Not caring about certificate expiration may be a sign of not caring about other, more serious, security issues.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: