Reply to post:

Nix to the mix: Chrome to block passive HTTP content swirled into HTTPS pages

Tom Paine Silver badge

An attacker with access to the network path between client and server can intercept HTTP requests for images on your site and swap or replace these images; the attacker can swap the save and delete button images, causing your users to delete content without intending to; replace your product diagrams with lewd or pornographic content, defacing your site; or replace your product pictures with ads for a different site or product.

Fixed that for Google.

Has anyone seen any evidence of these sort of attacks in the wild, apart from pranks at Defcon?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2019