Mike West

@mikewest

Making the web marginally less insecure, one deprecation at a time. I work on Chrome's security team, but my tweets are my own, etc, etc.

München, DE
Joined: December 2006

Tweets

  1. Pinned Tweet
    28 Jan

    The more I hear people talking about `SameSite`, and trying to explain it to each other, the more I regret literally everything about the spelling choices we made in its design. Naming things is easier in retrospect.

  2. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  3. Retweeted
    22 Jan

    The time has come to fix that typo in Referer ;)

  4. 19 Jan

    Not much snow, but just enough to have some fun with the kids this morning!

  5. 16 Jan

    I think there's a lot of room for more collaboration between browser vendors and academia; this workshop (alongside IEEE Euro S&P in June) might be a good chance to kick off some new conversations!

  6. Retweeted
    15 Jan

    💕❤️💕 for all who have worked for a better web and a better world at Mozilla.

  7. Retweeted
    14 Jan

    Chrome plans to phase out support for third-party cookies. "Our intention is to do this within two years."

  8. 14 Jan

    I'm excited about this. The UA string is a mess, somewhat fingerprintable, and legitimate use cases can be better and more clearly served by moving the information to an HTTPS-only client hint (a la ).

  9. 8 Jan

    I'm quite happy with the effort that colleagues like , , and others clever enough not to be on Twitter put into this set of changes, and I'm looking forward to additional changes across a wider swath of permission UX in 2020 as we learn from this launch.

  10. 8 Jan

    Feedback would be welcome, either here or as issues/PRs filed on the GitHub repository: . Thanks!

  11. 8 Jan

    It's like the CSP: The Good Parts. Most users would be well-served with a policy like `Scripting-Policy: nonce=number-used-once`, and I think even complex deployments can be supported with a limited set of options. We can keep it small and focused, with a clear threat model.

  12. 8 Jan

    I took some time to sketch out `Scripting-Policy` in a little more detail: . I'm starting to think it might actually not be a terrible idea.

  13. Retweeted
    4 Jan

    An amazingly well written description of the upcoming SameSite cookie enforcement in Chrome 80. If your org makes use of cross-origin cookie access, you’re running out of time to fix before Feb 4. Via

  14. 16 Dec 2019

    I think I screwed up Chromium's layering of CSP on top of integrity metadata checks (). :/ Perhaps this is a good time to follow through on adding `integrity` processing to inline script and style blocks?

  15. Retweeted
    6 Dec 2019

    What is document.domain? What does it do? Why is it bad? (Thread)

  16. 5 Dec 2019

    Every year, Spotify's "Your top songs!" list reminds me about my previous year's plan to separate _my_ account from the family's Sonos system. On the plus side, I can see exactly which "Bibi Blocksberg" and "Ritter Rost" stories the kids had on repeat... :)

  17. 3 Nov 2019

    Behold: something vaguely like a mortice and tenon! Probably not a right angle on the whole piece... 🤪 Turns out, buying tools is not _exactly_ the same as knowing how to use them.

  18. Retweeted
    25 Oct 2019

    Check out these Mozilla research grant questions, many of them focusing on security and privacy!

  19. 24 Oct 2019

    My wife is about to be on a plane to Amsterdam, and I get to goof off with my kids until Tuesday. 🥳 Fair warning: I’ll be even worse at email than usual for the next few days.

  20. 16 Oct 2019

    This is a nice presentation of the current XSLeaks state of the art. I'm hopeful about the defense mechanisms we're working on deploying across browsers, but side channels are everywhere. It's a hard set of problems we're going to be busy with for a while...
