[HN Gopher] Ancient Monkey: Pwning a 17-Year-Old Version of Spid...
       ___________________________________________________________________
        
       Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey
        
       Author : todsacerdoti
       Score  : 72 points
       Date   : 2024-10-29 14:56 UTC (8 hours ago)
        
 (HTM) web link (blog.pspaul.de)
 (TXT) w3m dump (blog.pspaul.de)
        
       | StrauXX wrote:
       | One of my team colleagues solved this one at hacklu. It was a
       | wild ride from what I heard.
        
       | prettyStandard wrote:
       | Does anyone else like Zscaler?
       | 
       | All the devs at my company kind of hate it because it's always
       | breaking stuff. I think it's cool in theory, but they have
       | basically zero automated support on how to get the certificate
       | installed.
       | 
       | They have manual instructions on how you add the certificate to
       | the Java key store, and NPM key store, and the Python key store,
       | and the OS key store, etc...
       | 
       | And my whole thing is: won't malware use those same key stores?
       | Won't malware detect that the certificate isn't passing and then
       | just default to HTTP?
       | 
       | I'm starting to think it's security theater.
        
         | Cthulhu_ wrote:
         | IDK about whether it's security theater or how secure it is,
         | but the software is fucked. I'm glad I'm not forced to use it
         | (yet?), it hasn't worked right in forever and I really don't
         | want to go to IT only to get blocked websites because they're
         | content that my corporate overlords don't want people to look
         | at during work hours (it's video games, not porn).
        
       ___________________________________________________________________
       (page generated 2024-10-29 23:00 UTC)