Cox does something similar but bypasses the the DNS records and just slipstreams... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		afhof on Jan 1, 2014 \| parent \| context \| favorite \| on: I fought my ISP's bad behavior and won Cox does something similar but bypasses the the DNS records and just slipstreams in a response. I noticed Cox would redirect javascript requests to their own HTTP server and put in their own snippets, effectively doing mass javascript injection. The snippet ended up being some sort of alert about upcoming maintenance, but using a malicious technique for a benign purpose is the path to the dark side. Use HTTPS! (I use 8.8.8.8, it didn't help)

RKearney on Jan 1, 2014 | [–]

Comcast also injects JavaScript into HTML responses if they feel the need to send you a message.

Here's the code they use: https://gist.github.com/ryankearney/4146814

And here's my (extremely short) writeup on it: http://blog.ryankearney.com/2013/01/comcast-caught-intercept...

venomsnake on Jan 1, 2014 | | [–]

Isn't that CFAA abuse on their side?

jamesbritt on Jan 1, 2014 | | [–]

I had this happen to me and it pushed me to use a vpn for all personal Web traffic.

ihsw on Jan 1, 2014 | [–]

Rogers (Canada's Comcast) does the same thing, but for warning you about your bandwidth usage.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact