
curl-library

Re: The "Great Firewall of China"

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Sat, 18 Jun 2016 11:21:37 +0200

On Sat, Jun 18, 2016 at 10:52:05AM +0200, Gisle Vanem via curl-library wrote:
> Dan Fandrich wrote:
>
> > I think it's ironic that not only does this protest require loading arbitrary
> > Javascript from a third-party site, but it's served unencrypted and
> > unauthenticated and is therefore vulnerable to active manipulation by a
> > malicious party while in transit.
>
> Why is this so ironic? You're not trusting the firewall
> status of China is accurate?

The problem is that someone adding this banner opens up a massive security hole
in his site the size of, oh, I don't know, the Great Wall of China maybe. A
hole that can be trivially exploited by a malicious state actor to inject
arbitrary Javascript code into the browser of any targeted visitor to that
site.

>>> Dan
Received on 2016-06-18
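
Added example, not part of the original mail or of any curl code: a small Python check for the risk described above, reporting every script a page fetches over plain HTTP. It goes one step further and also reports HTTPS scripts from another origin that carry no Subresource Integrity hash. The hosts, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc.lower())


class ScriptAudit(HTMLParser):
    """Classify how each <script src=...> on a page is fetched."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (resolved_url, issue) tuples

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        src = (attr.get("src") or "").strip()
        if tag != "script" or not src:
            return  # not a script, or inline (nothing fetched)
        # Resolve relative and protocol-relative ("//host/x.js") references
        url = urljoin(self.page_url, src)
        if origin(url)[0] == "http":
            # Any party on the network path can rewrite the response
            self.findings.append((url, "unencrypted"))
        elif origin(url) != origin(self.page_url) and not attr.get("integrity"):
            # TLS covers transit, but nothing pins the file's content
            self.findings.append((url, "third-party-no-sri"))


def audit_scripts(html, page_url):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; every host below is a placeholder
SAMPLE = """
<script src="http://banner.example.net/protest.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="https://cdn.example.org/pinned.js" integrity="sha384-PLACEHOLDER"></script>
<script src="/static/app.js"></script>
<script>var inline = 1;</script>
"""

if __name__ == "__main__":
    for url, issue in audit_scripts(SAMPLE, "https://www.example.com/index.html"):
        print(issue, url)
```

A protocol-relative reference inherits the scheme of the page that embeds it, so the same tag is reported as unencrypted when the embedding page is itself served over HTTP.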