A sobering, even frightening exploration of vulnerabilities in the way most browsers and OSes interact with proxies can be exploited to pwn an HTTPS session, stealing and altering supposedly secure data. Must read.
When I first read about this, I totally missed that the subway car MOVED. I just thought it was a small, lame repro. My bad.