@cpu @0xabad1dea what they're trying to do is a conceptual mismatch with a web browser: http://tonyarcieri.com/whats-wrong-with-webcrypto …
-
-
Replying to @0xabad1dea
@0xabad1dea@cpu even a browser extension would've been a more secure starting point. They chose the most insecure route possible to start3 replies 0 retweets 0 likes -
Replying to @bascule
@bascule@0xabad1dea@cpu Which is at least secure until your browser maker subverts you, but then you're back to "On trusting trust"1 reply 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@0xabad1dea@cpu or if there are vulnerabilities in the extension implementation:http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions …1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@0xabad1dea@cpu Sure, but that's the same as native code not enabling ASLR, DEP, or any of the other ways native can fail1 reply 0 retweets 0 likes
@sleevi_ @0xabad1dea @cpu except your browser is constantly *executing* untrusted code from the Internet. For browsers, RCE is a given
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.