Y
Hacker News
new
|
ask
|
show
|
jobs
by
TomasEkeli
524 days ago
giving it a domain-name and serving with https encryption on it would improve all kinds of security.
then again, it feels wonderfully apt that it is on some random ip
1 comments
Etheryte
524 days ago
Security of what? You're not inputting any data of your own into the site.
link
sedatk
524 days ago
Hypothetically speaking, you can still be MitM'ed.
link
Etheryte
524 days ago
And then what, serve me fake Disco Elysium dialogs? What's the threat model?
link
sedatk
524 days ago
Either pick one of the recent JavaScript sandbox escape CVEs on a vulnerable browser, or redirect to your phishing page as to your liking. Again, hypothetical and very unlikely, but the risks are there.
link
Etheryte
524 days ago
They could do all of this without mitming by just making a submission on HN. The extra step doesn't add anything.
link
sedatk
523 days ago
Then why don't they, do you think?
link