#social 2016-10-12

2016-10-12 UTC
KevinMarks, jasnell, tantek, KevinMarks2 and shepazu joined the channel
#
aaronpk
good morning loqi
#
cwebber2
morning, *
#
aaronpk
whoa the respec button changed
jasnell, shepazu, tantek, ben_thatmustbeme, timbl and KevinMarks joined the channel
#
cwebber2
we've had plenty of conversation in the social wg about protecting localhost
#
cwebber2
some of you may be interested that a security issue I uncovered just had a fix put out that's about this very topic https://savannah.gnu.org/forum/forum.php?forum_id=8705
#
cwebber2
the crux of it is: many projects assume that localhost is only accessible by its own machine, but there are attacks (especially on any machine using a browser, though probably any client/server making http requests is vulnerable) which make it so you can access information on localhost anyway.
#
cwebber2
dns rebinding attacks especially
#
cwebber2
aaronpk: rhiaro: csarven: ^^^ you may find interesting, esp given you've all had to look at the "what touches localhost" stuff
KevinMarks2, shepazu_, timbl, shepazu, KevinMarks, jasnell and ben_thatmustbeme joined the channel