jQuery is a popular Javascript framework, used by many websites (including isc.sans.edu) . jQuery provides many features, like easy access to webservices as well as advanced user interface features. When using jQuery, sites have the option to download and host the complete code, or let jQuery.com and it's CDN (Content Delivery Network) host the code. There are two advantages in allowing jQuery.com to host the code:
On the other hand, there is an important drawback, and the main reason why the jQuery code for isc.sans.edu is hosted on our own servers: With code being "blindly" included from 3rd party sites, it is possible that a compromise of this 3rd party site will affect your site's security. Sadly, just this happened according to RiskIQ with jQuery.com [1]. The web site was compromised and malicious code was injected redirecting users to a malicious site. Luckily, the jQuery library was NOT affected. Otherwise, many additional sites would have been exposed and visitors to these sites would have been affected. This is in particular fortunate as the attack appears to be targeted. The redirection domain used in this attack was jquery-cdn.com . That domain was registered on the day the attack was first noticed. Particulary concerning is the fact that I am unable to find any statement about the attack on jQuery.com . If someone has a link, please let me know. [1] http://www.net-security.org/malware_news.php?id=2869 --- |
Johannes 4068 Posts ISC Handler Sep 23rd 2014 |
Thread locked Subscribe |
Sep 23rd 2014 6 years ago |
They've now posted a blog article about it @ http://blog.jquery.com/2014/09/23/was-jquery-com-compromised/
|
Anonymous |
Quote |
Sep 24th 2014 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!