Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tptacek
on Sept 10, 2012
|
parent
|
context
|
favorite
| on:
Yeoman: Modern workflows for modern webapps
You mean besides the fact that this gives remote code execution to anyone who can spoof a DNS record?
smokeyj
on Sept 10, 2012
[–]
Wouldn't you have bigger problems at that point?
mrkurt
on Sept 10, 2012
|
parent
[–]
No, you might just be drinking coffee, or at a library, or on Google's public Wifi, etc.
smokeyj
on Sept 11, 2012
|
root
|
parent
[–]
Say you try logging into your gmail. Couldn't they spoof the DNS and point you to a "proxy" that skims your credentials?
mrkurt
on Sept 12, 2012
|
root
|
parent
[–]
HTTPS is an entirely different story, I don't know that people would necessarily like installs like "curl
https://my.script.ly
| sh", but there's at least a mechanism to verify the identity of the source.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
