-
-
-
@0xabad1dea@cpu even a browser extension would've been a more secure starting point. They chose the most insecure route possible to start -
@bascule@0xabad1dea@cpu Which is at least secure until your browser maker subverts you, but then you're back to "On trusting trust" -
@sleevi_@0xabad1dea@cpu or if there are vulnerabilities in the extension implementation:http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions … -
@bascule@0xabad1dea@cpu Sure, but that's the same as native code not enabling ASLR, DEP, or any of the other ways native can fail -
@sleevi_@0xabad1dea@cpu except your browser is constantly *executing* untrusted code from the Internet. For browsers, RCE is a given
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.