@lnxw48 True, https is still good. And yes, the entire PKI business is corrupt (Thanx, Diginotar and Comodo!). The Lenovo MITM problem comes from corporate greed, an operating system that's hostile to its users, browsers that merrily display a little lock icon regardless of origin (see my PKI complaint above), and users who trust the vendors, certs, OS, and browsers without verifying. But its unfair to blame the user for all the malstuff thrown at them. We need more Cryptoparties to educate people about these things so they can protect themselves and know how (and why) to vote with their wallets.