Finally found the time to open a discussion on the Snowpack forums about the lack of subresource integrity (SRI) in Skypack: https://github.com/snowpackjs/snowpack/discussions/2569
(Background: my post from the end of last year titled Skypack: backdoor as a Service? https://ar.al/2020/12/30/skypack-backdoor-as-a-service/)
#skypack #snowpack #SubresourceIntegrity #SRI #security #privacy
If you specify subresource integrity on a script tag, then also import that script from a separate tag later on, and the source fails the integrity check, then on:
1. Firefox (Gecko): script doesn’t execute
2. Ungoogled Chromium (Chromium): script doesn’t execute
3. Epiphany (WebKit): script tag is blocked but script executes via the import
Not sure if Safari does the same, but that’s not good.
#security #subresourceintegrity
Crafty Web Skimming Domain Spoofs “https” - Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that o... more: https://krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/ #grandwesternsteaks.com #contentsecuritypolicy #subresourceintegrity #alittlesunshine #cheneybros.inc. #thecomingstorm #denissinegubko #jeromesegura #malwarebytes #webfraud2.0 #privacy.com #ryanbarnett #publicwww #akamai #.ps