Slashdot Mirror


EFF: Wider Use of HTTPS Could Have Prevented Attack Against GitHub

itwbennett writes The attack against GitHub was enabled by someone tampering with regular website traffic to unrelated Chinese websites, all of which used a JavaScript analytics and advertising related tool from Baidu. Somewhere on China's network perimeter, that analytics code was swapped out for code that transparently sent data traffic to GitHub. The reason GitHub's adversaries were able to swap out the code is because many of the Chinese websites weren't encrypting their traffic.

1 of 48 comments (clear)

  1. Fake certificate... by zoffdino · · Score: 4, Interesting

    Can HTTPS help when even the certificate is faked? I can barely hold any trust about anything from China these days.