
Now that I read more about your app I can see why criminals would want to subvert it. You are replacing the top (ad) search result on every search engine with one that has been verified by sitetruth.com. If I were a criminal I would love to slightly modify your code to point to my own ad server, thus letting me earn affiliate bucks. Then install the addon via drive-by download. The users wouldn't remember installing it, but they might not remove it either, due to the pleasant-sounding name.


Is this not the same vector used for the GitHub DDOS, just in a slightly different form?


Maybe installation was done by Firefox add-on updates?



