Thanks I'll check it out, but I thought that tptacek was talking about manipulat... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

dmix on Jan 23, 2013 | parent | context | favorite | on: A word on cryptography

Thanks I'll check it out, but I thought that tptacek was talking about manipulation of JS runtimes instead of exploitations of XSS bugs in webkit.

marshray on Jan 23, 2013 [–]

That's the thing about Javascript. The tiniest little XSS or subtle origin violation results in the entire browser app being 100% 'pwned' (to use the technical term).

The pwnage can even persist into the future for that user when you consider the ability of browsers to cache content and HTML5's data store.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact