Reply to post:

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

Claptrap314 Bronze badge
Facepalm

1) If a site I depend on gets hacked, I'm not going to know until they tell me or I read about it here.

2) If a site I depend on gets hacked, I have no tools or ability to fix the problem.

3) If a common site gets hacked, then everyone who depends on it gets hacked, per this example. Since crypto-jacking is about making money, this is a particularly important point.

Of course, 1 can be partially mitigated if I'm running a round-trip test from the outside.

The idea of including off-site scripts that have not been digitally signed (recursively) is nuts. That doesn't fix everything, of course, but it is a start.
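An added example, not part of the comment above and not code from any project the article describes: one way an outside round-trip check could audit a page's third-party scripts. It uses Subresource Integrity hash pinning as a stand-in for the signing the comment asks for (SRI is a pinned hash, not a signature, and does not extend to scripts that a pinned script loads itself). Host names, script contents and the `fetched` map are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def sri_digest(body, alg="sha384"):
    """SRI token for body: '<alg>-<base64 of raw digest>'."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()

def audit(page_html, page_host, fetched):
    """Return [(src, status)] for third-party scripts.
    fetched maps script URL -> bytes the outside probe downloaded."""
    collector = ScriptCollector()
    collector.feed(page_html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, out of scope here
        body = fetched.get(src)
        if not integrity:
            status = "no-integrity"
        elif body is None:
            status = "not-fetched"
        else:
            # Simplification: accept a match on any listed SHA-2 token.
            tokens = [t.split("?")[0] for t in integrity.split()]
            good = any(t == sri_digest(body, t.split("-")[0]) for t in tokens
                       if t.split("-")[0] in ("sha256", "sha384", "sha512"))
            status = "ok" if good else "hash-mismatch"
        findings.append((src, status))
    return findings

# Constructed sample data (hypothetical hosts and script contents).
GOOD = b"function readAloud(){ /* vendor code */ }\n"
TAMPERED = GOOD + b"/* unexpected extra code */\n"
PAGE = ('<script src="/js/site.js"></script>'
        '<script src="https://cdn.vendor.example/a.js" integrity="%s" crossorigin="anonymous"></script>'
        '<script src="//plugin.vendor.example/b.js"></script>') % sri_digest(GOOD)
```

Run from a monitoring host, `audit(PAGE, "www.site.example", fetched)` reports `hash-mismatch` when the vendor's file no longer matches the pinned hash and `no-integrity` for any off-site script included without a pin.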


Biting the hand that feeds IT © 1998–2019