Time to ditch HTTP - govt malware injection kit thrust into spotlight Don't touch that cat video, warns Citizen Lab Once the victim's IP address is known, the injection server can identify his or her connections to website, intercept the passing unencrypted HTTP stream and insert malicious code into the web page. This happens without any user interaction at all; the inserted code then exploits vulnerabilities in the victim's computer - perhaps a Flash plugin or browser zero-day - to infect it with spying malware. Governments tend to stockpile exploits for various devices and operating systems. Citizen Lab says YouTube and Microsoft Live login pages are heavily targeted. "The proliferation of tools for both tactical and on network injection attacks highlights a vulnerability that has existed since the beginning of the consumer Internet," the report states.
EFF's HTTPS Everywhere is one of the addons I use on Firefox along with NoScript, AdBlock and some auto-cookie killers.
Thanks @melbo, I personally appreciate the security improvements and all that you have taught us to look for regarding other sites. It amazes me that the Monkey is more secure then my bank. I always check for the canary.
