Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF: Wider Use of HTTPS Could Have Prevented Attack Against GitHub

Posted by timothy on Thursday April 2, 2015 @02:54AM from the one-day-one-day dept.

itwbennett writes The attack against GitHub was enabled by someone tampering with regular website traffic to unrelated Chinese websites, all of which used a JavaScript analytics and advertising related tool from Baidu. Somewhere on China's network perimeter, that analytics code was swapped out for code that transparently sent data traffic to GitHub. The reason GitHub's adversaries were able to swap out the code is because many of the Chinese websites weren't encrypting their traffic.

2 of 48 comments (clear)

Min score:

Reason:

Sort:

HTTPS needs to be the default by Anonymous Coward · 2015-04-02 03:16 · Score: 2, Interesting

You cannot tamper with the contents of a HTTPS stream.
But don't be under the illusion that that actually provides security, after all, if you can't MITM, you just need to poison the watering hole.
Fake certificate... by zoffdino · 2015-04-02 03:31 · Score: 4, Interesting

Can HTTPS help when even the certificate is faked? I can barely hold any trust about anything from China these days.