by kingzero
4613 days ago
> As mentioned in the writeup, there's a beautiful way you can protect even non-power-users. Because the extension downloads and verifies the webapp HTML, CSS and JS every time it runs, the web app is constantly being validated.

Imagine the following. An attacker manages to hijack your server. They fingerprint[1] the browsers of each user and only send malicious JS to certain users that don't use your extension. No one will ever know that they have been compromised.

[1] https://panopticlick.eff.org/browser-uniqueness.pdf