undefined | Better HN

0 pointspatmcc2y ago0 comments

Has to pwn your DNS and SSL, you mean. If someone has broken that, they'll get my credentials when I have to login at some point.

This seems to help mostly against servers improperly using cookies, servers improperly logging request content, and users improperly uploading HAR files that include bearer token.

And anyone who does those things improperly will also implement WebSession improperly - like not bothering to keep track of nonces - so what does it really gain us?

edit: just broadly on "pwn your machine vs pwn your DNS" - overall, in the general case, machines are much much easier to pwn.

0 comments

dcow2y ago

Yes, but this presumably still runs on top of DNS and SSL and an attacker can exfiltrate a bearer token all the same if they pwn your machine. What this does is make the only viable attack vector the one where they're on your machine or getting you to unwittingly run stuff on their behalf on your machine.

j / k navigate · click thread line to collapse

0 pointspatmcc2y ago0 comments

Has to pwn your DNS and SSL, you mean. If someone has broken that, they'll get my credentials when I have to login at some point.

This seems to help mostly against servers improperly using cookies, servers improperly logging request content, and users improperly uploading HAR files that include bearer token.

And anyone who does those things improperly will also implement WebSession improperly - like not bothering to keep track of nonces - so what does it really gain us?

edit: just broadly on "pwn your machine vs pwn your DNS" - overall, in the general case, machines are much much easier to pwn.

0 comments

dcow2y ago

j / k navigate · click thread line to collapse