undefined | Better HN

0 pointsmatthewmacleod10y ago0 comments

That still means the password will be stored unencrypted in the browser's memory. AFAIK, this is no more secure than sending it unencrypted over the loopback interface; is there a scenario where one could snoop loopback, not not read browser memory?

0 comments

detaro10y ago

yes, if the machine is reconfigured to allow loopback access for non-root users, they can sniff traffic but don't read arbitrary process memory. See discussion involving tptacek below, apparently Wireshark offers to make such changes, which might make it more common then one would expect initially (tons of devs have wireshark installed, and probably did that).

j / k navigate · click thread line to collapse

0 pointsmatthewmacleod10y ago0 comments

0 comments

detaro10y ago

j / k navigate · click thread line to collapse