On Thu, Sep 18, 2014, at 03:26 PM, Adam Kruger wrote: On Thu Sep 18 2014 at 15:01:21, Nathan of Guardian wrote: Orweb only allows on window at a time, and no tabs. I need to dig deeper into the bug, but my hope was that we aren't vulnerable because of that. Our understanding is that content in iframes could violate SOP, so even with one browser window/tab at a time there is a problem. Hmm, so the attack is that a MiTM somehow injects a malicious iframe into a site you are visiting... but if they can do that, then can't they already see the content you are access? Who is creating the malicious iFrame and with what goal? What am I missing? Have you seen our work on Orfox? I think we are going to accelerate a release there, and kill off all of our WebView based efforts. Yes. I'm looking forward to seeing an Orfox release. Yes, and we should discuss if you want to do your own release of it for Psiphon, or if we should somehow have our Netcipher code check for Orbot and Psiphon, and prompt the user. +n
_______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
