@ashk4n bookmarklets defeat the browser security model much like running setup.exe
-
-
Replying to @dakami2 replies 0 retweets 0 likes
-
Replying to @BrendanEich
@BrendanEich@dakami@ashk4n at any time they could push code that instructs your browser to hand over your "secret master key" to them1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@BrendanEich@ashk4n see also Windows Update1 reply 0 retweets 0 likes -
Replying to @dakami
@dakami@BrendanEich@ashk4n at least Windows Update signs code (I assume?) A web browser takes whatever the server presents at face value2 replies 0 retweets 0 likes -
Replying to @bascule
@bascule@BrendanEich@ashk4n SSL signs code (and everything else)2 replies 0 retweets 0 likes -
Replying to @dakami
@dakami@BrendanEich@ashk4n please see page 2, under "Main contributions": https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf …1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@BrendanEich@ashk4n like keying isn't hard enough, that we need more keys. I swear, people need to do tours of duty in ops2 replies 0 retweets 0 likes -
Replying to @dakami
@dakami@BrendanEich@ashk4n see what happened to RubyGems with the YAML vulnerability, or more recently with TorBrowser2 replies 0 retweets 0 likes -
Replying to @bascule
@bascule@BrendanEich@ashk4n the disasters that befall offline keying systems blow online keying out of the water1 reply 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.