[zhte415]

The first paragraph of the article mentions

> operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable:

[gruez]

So basically browser vendors need to add all Chinese hosting sites to their safebrowsing blacklist?

[dmix]

It’s coming from a Baidu domain which is one of the biggest sites in the world. That might be a bit difficult...

[gruez]

If you're negligent in securing your site and it gets infected, your site should be blocked. You shouldn't be able say "well it's technically not us, it's the CCP!" whilst not doing anything about it. As for badiu being a major site, that can be resolved by browser vendors displaying a special page explaining to its users of the situation.

[saagarjha]

Isn't this the firewall itself rewriting request responses that happen to be from http://baidu.com? How is Baidu infected in this case, and what can they do to prevent this on their aside aside from strict HTTPS upgrades?

[toast0]

Strict HTTPS upgrades is probably warranted. Getting into the https preload list is easy (if your infrastructure is ready) and effective.

HTTPS has real costs, but if you're distributing javascript at high volumes you should pay them.

(Handling the ddos is harder when the target is https though... Can't know what the handshake is about until you've spent the cpu on handshaking)

[dmix]

There’s no proof it was Baidu though ...

[gruez]

edited my reply between you posting the comment.

[fortytw2]

Yes, and I would imagine that could only be done inside of the Great Firewall, which I’m pretty sure is operated by the Chinese Government?