On 2014-03-04 22:39, Yan Zhu wrote:
> (There's a good argument that ruleset security should be equivalent to
> extension security, since an attacker can submit a ruleset update that
> rewrites the extension update URL to a malicious one!)

Perhaps it would be wise to have the extension refuse to re-write any URL involved with the update mechanism (or at least require any rule that does to be signed using the offline key), along with the use of certificate pinning to validate the SSL channel used for ruleset updates.

It might not be perfect, but if the extension calls a known URL, it shouldn't be too difficult to simply ignore any rule that attempts to apply to the domain(s) involved with the ruleset update process.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
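
The check proposed in the message above, sketched as an added example (not code from the original post or from the HTTPS Everywhere project). It screens a downloaded ruleset update and drops any ruleset whose targets or rule patterns cover the update endpoints. The update URLs, the parsed-ruleset shape and the `isSignedOffline` hook are assumptions made for illustration.

```javascript
// Placeholder update endpoints (assumed; not the project's real URLs).
const PROTECTED_UPDATE_URLS = [
  "https://updates.example.org/rulesets/latest.json",
  "https://updates.example.org/extension/update.rdf",
];

// Ruleset targets may carry a "*" wildcard ("*.example.org", "example.*").
// Treat "*" as "one or more characters": over-matching is the safe direction here.
function targetToRegex(target) {
  const escaped = target.toLowerCase()
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".+");
  return new RegExp("^" + escaped + "$");
}

// Return the reasons a ruleset touches a protected URL (empty array = clean).
function violatesUpdatePolicy(ruleset, protectedUrls = PROTECTED_UPDATE_URLS) {
  const reasons = [];
  for (const url of protectedUrls) {
    const host = new URL(url).hostname.toLowerCase();
    for (const t of ruleset.targets) {
      if (targetToRegex(t).test(host)) reasons.push(`target ${t} covers ${host}`);
    }
    for (const r of ruleset.rules) {
      let re;
      try { re = new RegExp(r.from); }
      catch (e) { reasons.push(`unparseable pattern ${r.from}`); continue; }
      if (re.test(url)) reasons.push(`rule ${r.from} matches ${url}`);
    }
  }
  return reasons;
}

// Split an update into accepted and rejected rulesets. isSignedOffline is a
// hypothetical hook for the "signed with the offline key" exception.
function filterRulesetUpdate(rulesets, isSignedOffline = () => false) {
  const accepted = [], rejected = [];
  for (const rs of rulesets) {
    const reasons = violatesUpdatePolicy(rs);
    if (reasons.length && !isSignedOffline(rs)) rejected.push({ name: rs.name, reasons });
    else accepted.push(rs);
  }
  return { accepted, rejected };
}

// Constructed sample update: one ordinary ruleset, two that reach the update host.
const sampleUpdate = [
  { name: "Example Site", targets: ["www.example.com"],
    rules: [{ from: "^http://www\\.example\\.com/", to: "https://www.example.com/" }] },
  { name: "Exact host", targets: ["updates.example.org"],
    rules: [{ from: "^https://updates\\.example\\.org/", to: "https://other.invalid/" }] },
  { name: "Wildcard host", targets: ["*.example.org"],
    rules: [{ from: "^http:", to: "https:" }] },
];
```

The wildcard ruleset is rejected on its target alone, even though its rule pattern would not match the HTTPS update URL; the filter errs toward refusing anything that could apply to the update domain.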
