Which is clearly a big "improvement" 
So the attack is a well-meaning but incompetent administrator clicks through all the warnings to export private keys, then gives it to an attacker? How do you deal with this attack, an incompetent user clicking through warnings and sharing passwords with an attacker?
-
-
I was talking about developer embedding private keys in binaries or local configuration files. You’d be surprised at how many times vet the years people suggested that we just give 1Password’s localhost web socket a server certificate.
-
Hmm, but that is the problem Blizzard are trying to solve. They generate a per-machine certificate, so do not have to embed a static private key. That is the correct solution, no?
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.