I asked Ryan about it; subdomain takeover has the same problem: you could just serve some JS that does your attack instead of stealing the cookie and then attacking from your machine. I think this is another "why not just use the vector you used to get the cookie in the first place"?
-
The usual tricks of the sort could be used on normal retail Chrome to make patching untenable and force those who really need MITM to weigh & absorb the costs of running a Bluecoat maintained Chromium. Reinforces difference for end-user.
-
There are no "usual tricks" that make patching untenable to Administrators; if there were, we would do that. This is one of those "immutable laws of computer security".
-
Or.... would you choose not to if you knew it reduced market share and pushed those use cases to custom Chromium builds -- or -- *gasp* other browsers? (I don't believe that, but that's always there...)
-
You got me! OK OK, you win, I'm going to talk the Chrome team into shipping Safedisc with the next version and all new builds will be packed with Themida.
-
Make it illegal to display the Chrome name and logo in a browser modified to support MITM.
-
Yep. DMCA, Copyright, and Trademark law certainly would enable this, particularly if you add some protective DRM even if it's only minimal. Let them do what they want under their own badged version of Chromium.

