Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
undefined | Better HN
0 points
meepmorp
8y ago
0 comments
Share
Unless, of course, the site you trust is hosted in a shared hosting VM which is also vulnerable to spectre or meltdown. In which case, you can’t trust the scripts.
0 comments
default
newest
oldest
XR0CSWV3h3kZWg
8y ago
spectre can read, not write.
meepmorp
OP
8y ago
If I can read arbitrary data, what’s stopping me from reading the credentials I need to write data?
anfilt
8y ago
What if I read the sites TLS/SSL keys? I could MITM the connection and inject JS to do more malcious thing.
Or even easier get the ssh key for the VM. Then do what ever I want.
dtparr
8y ago
If it can read the right data (private keys, etc.), then it can write whatever it wants.
j
/
k
navigate · click thread line to collapse
