by j0ev
4776 days ago
Using his same attack, it's easy to spoof the JS crypto libs to be insecure/have a backdoor, while the site appears unmodified to the user. Even worse is that the attacker only really needs to spoof the JS assets once, and set an extremely long expiration date in the response cache headers, and then he's poisoned your site until the user forces a reload or kills his cache. tldr; you owe mox $1000