
You must have misread because they never said anything like what you're claiming they said here.



This is what they wrote:

In short, this is how this Man-on-the-Side attack is carried out:

An innocent user is browsing the internet from outside China.

One website the user visits loads a javascript from a server in China, for example the Baidu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).

The web browser's request for the Baidu javascript is detected by the Chinese passive infrastructure as it enters China.

A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user's browser to continuously reload two specific pages on GitHub.com.

Nowhere do they say that the script is only injected into the pages from GitHub.



