Hmm noting that yarnd password change function is insecure by design and should be fixed 🤔
#zsw3uta
@lyse@lyse.isobeef.org @prologic@twtxt.net (#zsw3uta) Session hijacking was easy before HTTPS became mandatory. Today it can still happen, but the level of complexity involved, like a proxy in the middle and a fake certificate chain inserted in the client, makes it very hard to achieve.
#ltihrya