Equifax ran code for *years* that executed s/w from abandoned domains, including a malware server since last Fall. https://www.wsj.com/articles/equifaxs-latest-security-foil-a-defunct-web-service-1507937742
Important to note that in this case, the calling code was *on* Equifax's server. Literally, a web service expired in 2014.
But it was loading some resource (likely script) from the abandoned domain. This is what I'm saying should be disallowed.
ah, I see. Yep. That would be the nuclear option, but also kill most web fonts
There's utterly no reason to be using scripts, much less non-same-origin, for fonts. It's cargo cult nonsense.
But if you did need them just host copies locally under your own control.
preaching to the choir. Always chuckle when a dev can't render a local web page on laptop in flight b/c jquery, google fonts etc
I am but a humble sysadmin, new to a dev team, and I kind of wondered about that... you just gave me the courage to speak up about it
often an issue of devs w/ just enough knowledge to be dangerous; if scale-up needed, use CDN for *all* static assets.
You'd break the entire web. Also, people would cargo cult fetch(...).then((c) => eval(c))