Hacker News new | past | comments | ask | show | jobs | submit login

Thank you for writing up this detailed breakdown.

I can see how option #4 is a problem from a theoretical standpoint, I still have trouble imagining an actual attack.




If you're asking why the image data might matter, here are concrete examples of non-public images that people might want to get their hands on:

* Earnings projections (and in general slides from non-public presentations that the user but not the attacking website has access to)

* Medical imaging

That's after thinking about this for 15 seconds. I'm sure there are many more in practice.

Or is that not what you were asking?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: