←back to thread

Unpacking Google’s Web Environment Integrity specification

(vivaldi.com)
756 points dagurp | 1 comments | 26 Jul 23 11:30 UTC | HN request time: 0.001s | source
Show context
xcf_seetan ◴[26 Jul 23 20:40 UTC] No.36884667[source]
Would it be possible for someone using a zero day vulnerability to develop a botnet that will infect enough computers on the web, and their payload would be some way to modify browsers in a way to render them untrusted to WEI, and effectivelly render anybody infected out of the web? Would it be a new way to DDOS users out of the "trusted" web?
replies(1): >>36885244 #
1. hellojesus ◴[26 Jul 23 21:22 UTC] No.36885244[source]
I asked a similar question:

Can someone send attlestation requests from the range of residential ips with such frequency that the attlestation sequence is forced to captcha users, thus defeating it? You don't need the token response back from an attlestation, so you could spoof your ip and not worry about getting a response.