![]() ![]() Maybe people are waiting for the real shit to happen before they start thinking about it. It’s like CNAME abuse by trackers but worse. In short, it means that any request url that you see displayed as coming from some server may in fact come from anywhere else. I have seen the Alt-Svc header sold until now for noble goals such as opportunistic encryption and now this other https-related use, but I do not understand why nobody is questioning how evilly this Alt-Svc feature could be used. “The Alt-Svc header “allows a server to indicate that a particular resource should be loaded from a different server” while appearing to the user that it was still loaded from the same server.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |