
A JavaScript-Based DDoS Attack as Seen by Safe Browsing - cleverjake
http://googleonlinesecurity.blogspot.com/2015/04/a-javascript-based-ddos-attack-as-seen.html
======
SoftwareMaven
If this was done by China, would TLS everywhere really have prevented them
from performing this attack? Couldn't they perform a TLS MITM, spoofing Baidu
to people outside the GFoC. They would have the ability to modify the DNS
records that show up outside China and certainly would have a CA they,
effectively, control to provide a Baidu cert. They could proxy the request
through to the real Baidu, then inject the JS to whatever comes back before
passing it on. To the user outside China, everything looks copacetic.

It is certainly a more difficult attack, but it doesn't seem like it's outside
the realms of possibility for a state actor that funnels all content through
one pipe. Am I overlooking something?

~~~
petermonsson
The attack would still be possible, but the attacker would now risk their CA
status.

------
javajosh
Out of curiosity did the Safe Browsing people notice the DDOS at all while it
was happening, or did you just use the news item as justification to poke
through some historical data?

------
mey
They don't identify the network operator they mention. I wonder if this is to
prevent an international incident...

~~~
nickodell
Or, they don't have any more information on that than anyone else, and they
don't want to drag their discussion off-topic.

