Last Updated: 2014-09-23 23:29:03 UTC
by Johannes Ullrich (Version: 1)
There are two advantages in allowing jQuery.com to host the code:
- Performance: Code is typically delivered faster, and a user may already have the code cached if they visited another site that used the CDN hosted copy of jQuery.
- Automatic Updates: Updates to jQuery are pushed to the CDN by the jQuery developers, and a website using it will automatically receive the latest copy.
On the other hand, there is an important drawback, and the main reason why the jQuery code for isc.sans.edu is hosted on our own servers: With code being "blindly" included from 3rd party sites, it is possible that a compromise of this 3rd party site will affect your site's security.
Sadly, just this happened according to RiskIQ with jQuery.com . The web site was compromised and malicious code was injected redirecting users to a malicious site. Luckily, the jQuery library was NOT affected. Otherwise, many additional sites would have been exposed and visitors to these sites would have been affected. This is in particular fortunate as the attack appears to be targeted. The redirection domain used in this attack was jquery-cdn.com . That domain was registered on the day the attack was first noticed.
Particulary concerning is the fact that I am unable to find any statement about the attack on jQuery.com . If someone has a link, please let me know.
If you have more information or corrections regarding our diary, please share.