Reply to post:

Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers

rmacd

And this is exactly why SRI is so important & needs to be enforced across all browsers as standard... and flag any sites that don't do this.

More fundamentally, the idea of uncontrolled/3rd party resources being pulled in on client-side without any checks at all is just ludicrous in this day and age. This is precisely what happened in BA's massive keylogging hack, and I'm sure loads of other high-profile examples are just a search away...
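Added example (not part of the comment above, and not Twilio's or any browser's code): a Node.js re-implementation of the check a browser applies when a `<script>` tag carries an SRI `integrity` attribute, run against a reviewed file and a copy altered at its origin. The function names, the `cdn.example` URL and the sample SDK bytes are assumptions constructed for illustration.

```javascript
// Added example: re-implements the browser-side SRI comparison in Node.js.
const crypto = require('crypto');

// Hash algorithms SRI defines, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build the value for integrity="..." from the bytes you reviewed and published.
function sriDigest(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// Parse an integrity attribute into {algo, hash} pairs, skipping unknown tokens.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((token) => {
    const [expr] = token.split('?');          // drop any "?options" suffix
    const dash = expr.indexOf('-');
    return { algo: expr.slice(0, dash), hash: expr.slice(dash + 1) };
  }).filter((e) => STRENGTH.includes(e.algo) && e.hash.length > 0);
}

// True when the fetched bytes would be allowed to execute under this attribute.
function verifySri(attr, body) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true;      // no usable metadata: nothing is enforced
  const best = Math.max(...entries.map((e) => STRENGTH.indexOf(e.algo)));
  const algo = STRENGTH[best];
  const actual = crypto.createHash(algo).update(body).digest('base64');
  // Only hashes of the strongest listed algorithm count; any one of them may match.
  return entries.filter((e) => e.algo === algo).some((e) => e.hash === actual);
}

// Constructed sample data: a reviewed SDK build and a copy altered in the bucket.
const reviewed = Buffer.from('window.sdk = { version: "1.0.0" };\n');
const altered = Buffer.concat([reviewed, Buffer.from('/* appended by someone else */\n')]);
const pinned = sriDigest(reviewed);

console.log(`<script src="https://cdn.example/sdk.js" integrity="${pinned}" crossorigin="anonymous"></script>`);
console.log('reviewed build loads:', verifySri(pinned, reviewed));
console.log('altered build loads: ', verifySri(pinned, altered));
```

The pin only protects pages that embed a fixed, versioned file; an attribute with no recognised hash is treated as absent, so nothing is checked.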


Biting the hand that feeds IT © 1998–2021