How do you access the phishing site when your computer is locked?
Not much harder. The state of the art of phishing right now is proxy based setups like evilginx which pass along credentials in real time. Then you just save the session cookie or change/add the 2fa mechanisms so you…
>Unlawful presence on US soil is a civil offense. It's literally the same class of offense as a parking ticket. Overstaying a visa is a civil offense, 'improper entry' e.g. jumping the border is criminal.
How would they get the private key? Or would this CA only allow using certs with private keys they generated instead of using CSRs?
It would allow all EU governments to intercept everyone on the planet if that CA is root in every browser install.
>Then fraudsters would have to buy additional devices Which a lot of them already do: https://www.youtube.com/watch?v=hsCJU9djdIc Or just use a botnet to steal use of someone else's hardware, which is also very common…
Even less so since this is a proposal for a javascript api.
>It'll end DDOS by botnet. Not even remotely. This proposal is adding this attestation to one of the last network layers, most DDOS methods won't be touched by this.
Yes that was the idea. :)
How about waving your arm once to turn on a light switch and then wave it again to turn it off?
Yes, my signals only differ by screen size.
How do you access the phishing site when your computer is locked?
Not much harder. The state of the art of phishing right now is proxy based setups like evilginx which pass along credentials in real time. Then you just save the session cookie or change/add the 2fa mechanisms so you…
>Unlawful presence on US soil is a civil offense. It's literally the same class of offense as a parking ticket. Overstaying a visa is a civil offense, 'improper entry' e.g. jumping the border is criminal.
How would they get the private key? Or would this CA only allow using certs with private keys they generated instead of using CSRs?
It would allow all EU governments to intercept everyone on the planet if that CA is root in every browser install.
>Then fraudsters would have to buy additional devices Which a lot of them already do: https://www.youtube.com/watch?v=hsCJU9djdIc Or just use a botnet to steal use of someone else's hardware, which is also very common…
Even less so since this is a proposal for a javascript api.
>It'll end DDOS by botnet. Not even remotely. This proposal is adding this attestation to one of the last network layers, most DDOS methods won't be touched by this.
Yes that was the idea. :)
How about waving your arm once to turn on a light switch and then wave it again to turn it off?
Yes, my signals only differ by screen size.