|
Notorious b.s.d. posted:ok so how do i get those crypto keys? just how much entropy do you think there is in the kernel's aslr?
|
# ¿ Jan 4, 2018 19:50 |
|
|
# ¿ May 14, 2024 13:32 |
|
post the actual details of your proposed scheme for preventing javascript from being able to figure out this sort of thing, so everyone else can laugh at how dumb you are
|
# ¿ Jan 10, 2018 13:51 |
|
Subjunctive posted:sure, but it'd be the same bug if it were running on whatever.com, which also happens. a browser won't just bridge arbitrary origins, an explicit software-level (vs configuration) secfuck is required Of course, stuff like "not validating that the hostname in the request is 'localhost'" counts a secfuck in this context - the browser will happily send requests to 127.0.0.1 if some other (potentially attacker-controlled) DNS name is resolving to that.
|
# ¿ Jan 12, 2018 14:02 |
|
From what I hear of American door looks, you can bust 'em open in a few seconds with a rake.
|
# ¿ Jan 16, 2018 13:55 |