- From: Chris Palmer <palmer@google.com>
- Date: Thu, 8 Jan 2015 10:31:25 -0800
- To: Chaals from Yandex <chaals@yandex-team.ru>
- Cc: Mark Watson <watsonm@netflix.com>, Jim Manico <jim.manico@owasp.org>, Jeffrey Yasskin <jyasskin@google.com>, Tim Berners-Lee <timbl@w3.org>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jan 8, 2015 at 4:32 AM, <chaals@yandex-team.ru> wrote:

> advertisements for luxury apartments in the newly privatised Pentagon) are :)
> And option 4 is to keep discussing for a few more years. This is a problem
> that will probably go away one day, as people suck up the cost of securing
> everything, or republish the interesting unsecured things from a more secure
> server.

That is a viable option, indeed.

> As another motivating example, it seems Project Gutenberg doesn't seem to
> use https connections. To be honest, I don't care. Even in an e-book reader
> that imports a hacked King James that says "Thou shalt kill". If we are
> relying on HTTPS for people to correctly interpret the commandment in
> question, I think we're chasing the wrong problem with our solutions.

What about if a network attacker inserts a fuzzed king-james.epub that exploits a vulnerability in your book reading app?

https://firstlook.org/theintercept/2014/08/15/cat-video-hack/

Received on Thursday, 8 January 2015 18:31:52 UTC