This is the fourth Stack Decision of this series. Read the last one to catch up.
My friend and I were driving up to northern California, I got a tweet saying that their corporate anti-virus software was reporting that certain files on BootstrapCDN contained malicious code that installed Java malware on Windows XP workstations. The hackers were clever, using MaxCDN's #API they found a way to update the origin server URL & port (
8080) to their server and only updated a few files to fly under the radar.
I thought it was over, who was going to use BootstrapCDN after this? Well, like earlier I was wrong again. After the postmortem was written people left comments and emailed us saying “thanks” which I can’t thank those who did, it kept me going. Which was needed because the next wave of issues are coming in part 5.
AMA below. 👇