Yeah I guess so. Due to SSL if you want to perform successful MITM you’ll need to have control of DNS and must have rootCA which you control installed on there system/browser. And if it is a supply chain attack where source it self corrupted then there is no hope.
I don’t think it’s bad advice for most people. Maybe it’s just bad advice for your treat model
Yeah I guess so. Due to SSL if you want to perform successful MITM you’ll need to have control of DNS and must have rootCA which you control installed on there system/browser. And if it is a supply chain attack where source it self corrupted then there is no hope.