My goodness. The breathlessness of the description of this vulnerability.
Any hacker is not the case here. To execute this attack you have to intercept traffic to a website, and spoof its CA certificate (although without correct key information - as that was what wasn't being checked).
Thats not to say that an attack couldn't be carried out by coordinated hackers who had prepared and targeted a public network being used to access a https secured site.
But attacking this vulnerability would not be trivial. Also, once an SSL session is setup with a legit sight, even with this bug, that session would be secure and free from eavesdropping.
The attack for this has to occur at SSL session configuration and handshake time. It is much harder to pull off than it is being claimed to be.
I'm so glad you're happy to have won this battle. Please feel free to spout off and trumpet your cause.
However, do not think for one minute that this doesn't mean that we, your customers, don't realize that if you are truly successful in stopping Aereo all WE will get out of it is higher bills for shittier service.
We are living in the new age of customer disservice. Long dead is the adage that "the customer is always right". It has been replaced with "have we screwed the customer enough?". And their answer to that one is always NO.
And here we are. A post advocating the return of the old days with the "High Priests of Computing" that control the mainframe dictating how everyone should interact with the system.
Sorry, cats out of the bag. You can wish on a star for the power to control the internet (your seriously asking for precisely that) but you aren't going to get it. No one will give it to you (or anyone else for that matter) and the engineering of the internet itself will fight back against trying to get that type of control.
And while I won't call your argument communist, it sure as hell sounds a lot like "we need to control you for your own good" progressive bullshit.
If no one is ever granted clemency for whistleblowing, can whistleblowers ever really exist?
Basically if the government is allowed to decide whether you are a whistleblower or a traitor based on their own discretion, then every law we have to "protect" whistleblowers is completely and totally meaningless.