Too Long; Didn't Read
<a href="https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5" target="_blank"><strong>I’m harvesting credit card numbers and passwords from your site. Here’s how.</strong></a><strong> </strong>by <a href="https://medium.com/@david.gilbertson" data-anchor-type="2" data-user-id="f735d3b0f2f3" data-action-value="f735d3b0f2f3" data-action="show-user-card" data-action-type="hover" target="_blank">David Gilbertson</a>. “In some <a href="https://developers.google.com/web/fundamentals/security/csp/" target="_blank">wise words</a> from Google: ‘If an attacker successfully injects any code at all, it’s pretty much game over.’ XSS is too small scale, and really well protected against. Chrome Extensions are too locked down. Lucky for me, we live in an age where people install npm packages like they’re popping pain killers.” It’s real, it’s scary, it’s funny, and it’s <a href="https://twitter.com/hackernoon/status/950775967705739264" target="_blank">the internet’s most clapped story of the year so far</a>. There’s some great discussion about it on <a href="https://twitter.com/search?src=typd&q=hackernoon.com%2Fim-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how" target="_blank">twitter</a>, <a href="https://news.ycombinator.com/item?id=16084575" target="_blank">hacker news</a>, <a href="https://www.reddit.com/r/programming/comments/7omh1n/im_harvesting_credit_card_numbers_and_passwords/" target="_blank">reddit</a>, and <a href="https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5" target="_blank">here</a>.