The RSA site got pwned due to third-party JS. Dare I say some form of sub-resource integrity might have helped? http://krebsonsecurity.com/2014/05/complexity-as-the-enemy-of-security/ …
@frgx @BrendanEich I disagree. I think they might be willing to give up quite a few privs in exchange for, e.g., fraud/tampering protection.
@frgx @BrendanEich Or, for example, we could think more carefully about encouraging priv separation by tying it to <a ping> or sendBeacon.