Write me a program that can safely assert something when the Administrator is malicious, it can be as simple as you like. Make it show the result of X509_verify() or something in a message box.
Where did you get this "invoncenicing" from? The problem is we don't want them in our address space, because they will get it wrong and make things worse and less discoverable for users! Explain how a user finds out if chrome.exe is being hooked, is that easier or harder than CA?
-
-
Do you think you can safely inject a DLL and hook chrome? I don't think you can, it's really hard. I think you probably can set up a corporate CA. I don't think you should, but if I have to pick one - I pick the latter.
-
Concur. But where I think this hypothetical hook comes into play is when Bluecoat customers can't log in using a WebAuthn token because of the MITM + a token binding requirement for the auth from the server side.
- 13 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
