top | item 30639479

(no title)

cotillion | 4 years ago

You are most likely vulnerable to some extent, protection has to be done by your ISP.

In this case it seems like the attackers targeted an SDK. Subresource integrity would have helped here.

discuss

It would not have prevented it, because they could've just as easily attacked the server that serves the HTML instead of the CDN that served the JS.

cotillion|4 years ago

No, klayswap.com has CAA configured in DNS.

ianpurton|4 years ago

Yes I saw they attacked the sub domain holding the javascript (developers.kakao.com), but could they have also attacked the main domain?

Sub resource integrity wouldn't help if they could have re-routed requests from klayswap.com

unknown|4 years ago

[deleted]