Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
nothrabannosir
on July 14, 2015
|
parent
|
context
|
favorite
| on:
How I got XSS’d by my ad network
No need; the browser will block
http://
included from
https://
pages. Including from a
http://
page? Then a compromised jquery cdn is the least of your worries.
In short; no, just a compromised dns record is not enough.
mayrun
on July 14, 2015
[–]
if it is a
http://
page, then even a small change in the local host file is enough.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
In short; no, just a compromised dns record is not enough.