The Amazon 1Button App Is Very Bad
July 14th, 2013I doubt that any of you have this installed, but just in case…
Via: Kotowicz:
Though intercepting HTTPS connections is possible, we can only do it via:
hacking the CA
social engineering (install the certificate)
relying on click-through syndrome for SSL warnings
Too hard. Let’s try some side channels. Let me show you how you can view all SSL encrypted data, via exploiting Amazon 1Button App installed on your victims’ browsers.