
I might have missed this, but how was the JavaScript injected in the first place? Did they have a URL param being displayed (unescaped) on the page?


Attacker sits at network / ISP level, and can therefore inject any (js, ...) payload in non-https web pages, on the fly.


Nope, nothing of the sort. The government has absolute control over the internet infrastructure here, and they manipulated the page's markup on the fly (or maybe they served an already modified and cached copy) when requested.



