Or anyone who controls your DNS resolution which has a number of paths (for exam... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		drpossum on July 9, 2024 \| parent \| context \| favorite \| on: Google Chrome has an API accesible only from *.goo... Or anyone who controls your DNS resolution which has a number of paths (for example a local hosts file, possibly a router, changing your config or how you get your config to a malicious DNS server, etc)

eknkc on July 9, 2024 | [–]

Won’t work with https.

If that malicious actor can install a custom ca too, they can already install whatever spyware they want.

q3k on July 9, 2024 | | [–]

Not that easy with HSTS.

wbl on July 9, 2024 | | [–]

Also need a cert which is tricky

ruined on July 9, 2024 | | [–]

or public wifi access point

abirch on July 9, 2024 | [–]

You'd probably need DNS and Root Certificates, something to which most employers have access

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact