[cap-talk] Fwd: [cors] TAG request concerning CORS & Next Step(s)

Adam Barth cap-talk at adambarth.com
Tue Jul 7 03:35:10 EDT 2009


Plugins can run arbitrary code on the user's machine.  Considering
what happens after the user installs the attacker's plugin isn't
productive.  The user has already lost all of their security.

Adam


On Mon, Jul 6, 2009 at 5:23 PM, Sandro Magi <naasking at higherlogics.com> wrote:
> And yet, if it allowed you free access to something you might otherwise
> have to pay for, you just might install that plugin, wouldn't you?
>
> Sandro
>
> stay wrote:
>> On Mon, Jul 6, 2009 at 2:53 PM, Karp, Alan H <alan.karp at hp.com> wrote:
>>> To your first point above, can the software making the request be a script on a page or a browser plug-in?  If so, what prevents Bob's Finance from delivering to the user's browser software that will make requests as Acme Finance?
>>
>> The fact that almost no one installs plugins.
>>

