Amazing new HTTPS exploit that uses browser javascript APIs (fetch + resource timing), no MITM needed:http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/ …
-
-
: also, in case anyone's curious, the "resolve on headers" behavior of fetch() is likely at least *partially* my doing.
- 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.