Decision at BootstrapCDN about MaxCDN, Java

Avatar of jdorfman
Developer Evangelist at StackShare ·

This is the fourth Stack Decision of this series. Read the last one to catch up.

My friend and I were driving up to northern California, I got a tweet saying that their corporate anti-virus software was reporting that certain files on BootstrapCDN contained malicious code that installed Java malware on Windows XP workstations. The hackers were clever, using MaxCDN's #API they found a way to update the origin server URL & port (8080) to their server and only updated a few files to fly under the radar.

I thought it was over, who was going to use BootstrapCDN after this? Well, like earlier I was wrong again. After the postmortem was written people left comments and emailed us saying “thanks” which I can’t thank those who did, it kept me going. Which was needed because the next wave of issues are coming in part 5.

AMA below. 👇

8 upvotes·2.2K views
Avatar of Justin Dorfman

Justin Dorfman

Developer Evangelist at StackShare