This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Remove the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries
article thumbnail

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

MARCH 31, 2021

However, it's now owned by me and it's just sitting there doing pretty much nothing other than serving a little bit of JavaScript. I'll come back to that shortly, let's return to the business model of Coinhive: So, instead of serving ads you put a JavaScript based cryptominer on your victi. You know how people don't like ads?

Security 145
Security Mining Paper Libraries 145
article thumbnail

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

FEBRUARY 11, 2018

One of their developers embedded this code in the campaign's donation website: <script src="[link] type="text/javascript></script> See the problem? One of their developers embedded this code in the campaign's donation website: <script src="[link] type="text/javascript></script> See the problem?

Libraries 98
Libraries Risk Government IT 98
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 55,000+ Insiders by signing up for our newsletter

About
Awards
About
Editions
Awards
Editions
Topics
Twitter
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024