I think subdomain takeover is actually a much bigger threat than many ppl realize. IIRC @hanno has some nice work on this. See https://twitter.com/hanno/status/1021350234117599234 …
-
So I'm saying, it doesn't make TLS MITM untenable, it forces the vendors' hand to do dangerous things. Do you want more security vendors patching around in chrome.exe? If we could prevent Administrators from MitMing endpoints, you better believe I would be hassling chrome devs

-
The usual tricks of the sort could be used on (normal retail) Chrome to make patching untenable and force those who really need MITM to weigh & absorb the costs of running a Bluecoat-maintained Chromium. Reinforces difference for end-user.
-
Agreed, I'm saying that a world in which 2FA could rely upon token binding and hypothetical websites requiring 2FA+token binding would break Bluecoat, et al. I'm contemplating the other side of "which is worse" re: deploy/patch special browser.
