Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
mayrun
on July 14, 2015
|
parent
|
context
|
favorite
| on:
How I got XSS’d by my ad network
doesnt have to be literally "hacked", just a change of the dns records is enough.
leni536
on July 14, 2015
[–]
Well, once you hotlink jquery in your website at least use the https link (assuming your site is on https too).
nothrabannosir
on July 14, 2015
|
parent
[–]
No need; the browser will block
http://
included from
https://
pages. Including from a
http://
page? Then a compromised jquery cdn is the least of your worries.
In short; no, just a compromised dns record is not enough.
mayrun
on July 14, 2015
|
root
|
parent
[–]
if it is a
http://
page, then even a small change in the local host file is enough.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
