APM and sslstrip (man in the middle attack)
recently there was some local attention to the already quite old sslstrip attack, see: https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf has anyone tested that attack against an APM, how well does it work? mitigation would be of course to not implement APM on HTTP / not using a HTTP to HTTPS redirect. but im wondering if it works at all.