@RichFelker In short if you're owned, you're owned. If someone planted a cert they likely did a lot of other things https://twitter.com/sleevi_/status/668911789841608706?s=09 …
@marcaruel @sleevi_ @SwiftOnSecurity @fugueish But ™ & © can make legal consequences for subverting the browser.
@marcaruel @sleevi_ @SwiftOnSecurity @fugueish If Google or Moz had the will, they could make shipping security-stripped ver ™ violation.
@RichFelker @marcaruel @SwiftOnSecurity @fugueish And for the case of many enterprises that have their enterprise trusted root?
@sleevi_ @marcaruel @SwiftOnSecurity @fugueish They need to use a CA cert for domains they own, not the root.
@RichFelker Sorry, that does not make any sense. Also think of AV inspection. In the end, 10 laws still apply. You own it or don't @marcaruel
@sleevi_ @marcaruel MITM is NOT the solution for AV. You need AV on the endpoints. And pref. a priv. model that cripples viruses.
@sleevi_ @marcaruel Ppl who do actual security and not snake-oil products know this.
@RichFelker The alternative is a binary-patching arms race. The "don't defend from root" point is taken on Linux, this is the same on Win