Hacker News

> assumptions about who is responsible for data security.

The chief assumption appears to be "anyone but the browser vendors". Let us consult the article:

  BeEF
  This, to me, was the most impactful demo
Quite the endorsement. So what's BeEF's angle?

"...examines exploitability within the context of the one open door: the web browser."

There could hardly be a clearer expression of contempt for the browser vendors' offerings. But remember, the "open door" is nothing to do with them, it's all your fault for not serving via HTTPS.

Welcome to Clown World.



Eh, there are two execution contexts here.

1. The web browser executing the injected data stream it receives from the remote computer.

2. Your brain interpreting 'non-executable' instructions as received from your browser.

Browser security has nothing to do with me going to 'xyz.com', which is the trusted website for xyz company, and being fed a MiTM telling me to go to a bad phone number for support.



