Hacker News new | past | comments | ask | show | jobs | submit login

Which presumably is why the attackers here are injecting their own client-side JavaScript that sends a copy of the payment information to the attacker. Even if the business never sees a copy of the sensitive information, their server can still be made to serve up malicious code that does.



Yep. I completely agree. I hadn't had my early am coffee yet ;)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: