[cryptography] If this isn't a honey-pot, it should be

Marsh Ray marsh at extendedsubset.com
Wed Jun 15 15:00:04 EDT 2011


On 06/15/2011 01:43 PM, markus reichelt wrote:
> * Marsh Ray<marsh at extendedsubset.com>  wrote:
>
>> Note that this site is sourcing Google analytics.
>
> ... so?

A site can be no more secure than the places from which it sources 
script (or just about any resource other than images). In all 
probability Google is not the weakest link in the security, but if they 
wanted to take over this web page completely they could do so using only 
supported script functionality.

Furthermore it shows that the site is, in fact, supplying the visitors' 
metadata to one of the largest cross-referencing identity databases on 
the planet.

- Marsh



More information about the cryptography mailing list