This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Remove tag anonymization
Remove Government Remove IT Remove Workshop Related Topics
Education Consumer Services Libraries Energy and Utilities Mining Computer and Electronics Agriculture Manufacturing Financial Services Security More Related Topics >
article thumbnail

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

FEBRUARY 11, 2018

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. Even my own state government down here had been hit. I know, we're all shocked but bear with me because it's an important part of the narrative of this post.

Libraries 97
Libraries Risk Government IT 97
article thumbnail

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Troy Hunt

MAY 1, 2018

I recently wrote about the Browsealoud problem where a cryptominer ended up on a bunch of government websites due to them embedding an external script and allowing it to run whatever it wanted to in the context of their site. No - cyber-sticky tape! And so it is with trusting JavaScript served from third parties.

IT 48
IT Security Government 48
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 55,000+ Insiders by signing up for our newsletter

About
Webinars
Awards
About
Editions
Webinars
Awards
Editions
Topics
Twitter
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024