#dbsc

Erik van Straten
<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xabad1dea</span></a></span>: if we had Device Bound Session Credentials (<a href="https://www.heise.de/en/news/FBI-Agency-issues-warning-about-session-cookie-theft-10007940.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/FBI-Agency-is</span><span class="invisible">sues-warning-about-session-cookie-theft-10007940.html</span></a> and <a href="https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.chromium.org/2024/04/figh</span><span class="invisible">ting-cookie-theft-using-device.html</span></a>), cookie theft via some specific attacks may be prevented. But in general:</p><p>If your device is compromised, it's game over.</p><p><a href="https://infosec.exchange/tags/DBSC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DBSC</span></a> <a href="https://infosec.exchange/tags/pwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pwned</span></a> <a href="https://infosec.exchange/tags/AnyDesk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnyDesk</span></a> <a href="https://infosec.exchange/tags/GameOver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GameOver</span></a></p>
Morten Linderud
<p>Anyone looked at Device Bound Session Credentials and figured out how they ensure you are actually dealing with a device bound key?</p><p>As long as there isn't any pre-established trust to some hierarchy then I assume you can just fake the key creation?</p><p><a href="https://chaos.social/tags/TPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TPM</span></a> <a href="https://chaos.social/tags/DBSC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DBSC</span></a> <a href="https://chaos.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>