Y
Hacker News
new
|
ask
|
show
|
jobs
by
meepmorp
3083 days ago
Unless, of course, the site you trust is hosted in a shared hosting VM which is also vulnerable to spectre or meltdown. In which case, you can’t trust the scripts.
1 comments
XR0CSWV3h3kZWg
3083 days ago
spectre can read, not write.
link
meepmorp
3083 days ago
If I can read arbitrary data, what’s stopping me from reading the credentials I need to write data?
link
anfilt
3083 days ago
What if I read the sites TLS/SSL keys? I could MITM the connection and inject JS to do more malcious thing.
Or even easier get the ssh key for the VM. Then do what ever I want.
link
dtparr
3083 days ago
If it can read the right data (private keys, etc.), then it can write whatever it wants.
link