[liberationtech] Snakeoil and suspicious encryption services
Tony Arcieri
bascule at gmail.com
Tue Jul 22 11:42:04 PDT 2014
On Tue, Jul 22, 2014 at 4:47 AM, Aymeric Vitte <vitteaymeric at gmail.com>
wrote:

> Indeed extensions can be mitmed as easily as js code

Browser extensions are digitally signed by their authors, so no, they are
in no way as vulnerable to a MitM attack as JS served over plaintext HTTP:
https://security.stackexchange.com/questions/34412/signing-a-browser-extension

> the big difference is that it's easy for any skilled js people to check
> what is doing the js code

As pointed out with your 400kB wad of JS, that's not true, but probably
beside the point...

> while it can be difficult for extensions I believe.

Extensions provide an alternative way to package HTML/JS which allows for
digital signatures of the entire archive, so no, it's really just a more
secure way of distributing the same thing.

You should be using a browser extension for Peersm, not some web page
served over plaintext HTTP.

--
Tony Arcieri