If I understand correctly, there is almost no way to stop this attack because it... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		roylez on March 27, 2015 \| parent \| context \| favorite \| on: Why Baidu Has Been Hijacked to Attack GitHub If I understand correctly, there is almost no way to stop this attack because it uses client side JavaScript code. If Baidu doesn't remove this malicious js from its http response, github will continue to suffer.

Pirate-of-SV on March 27, 2015 [–]

Baidu is not doing anything wrong. The HTTP requests/responses are hijacked.

Baidu could make a switch to only support HTTPS though. That would require a more elaborate attack.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact