On Dec 4, 2013, at 9:22 AM, Bruce Perens <[email protected]> wrote: > On 12/04/2013 09:19 AM, Nicholas Weaver wrote: >> All it takes is ONE unencrypted web request across a hostile network for >> that hostile network to be used to attack the browser. > And that is one way in to the browser out of many.
Except that it is a primary way that the NSA says is OK, and has a huge attraction to nation states for system exploitation. Why bother with watering hole attacks etc? -- Nicholas Weaver it is a tale, told by an idiot, [email protected] full of sound and fury, 510-666-2903 .signifying nothing PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
