[IPython-dev] Scorpion saver hijacked my Ipython notebook..

Matthias Bussonnier bussonniermatthias at gmail.com
Wed Jan 1 12:37:14 EST 2014


Hi Toby,

Happy new year too. Do you mean "tornado" by scorpion? I'm not sure CSP is a solution, as people tend to inject JavaScript into the notebook on purpose. That being said, it would be nice to know how or where your IPython process has been hijacked, if it has been. If the installation files have been modified, then it's the security of your whole server that is compromised.

Do you run your server on a public IP? HTTPS? With a password?

Sent from my iPhone

> On 1 Jan 2014, at 02:27, Toby Burnett <tburnett at myuw.net> wrote:
> 
> For the second time. When I got it several weeks ago, I thought that I had eliminated it after half a day of struggles.
> The immediate symptom is that the IPython notebook, as served from my Linux compute server, is suddenly a blank screen. The reason is that the HTML is modified by the browser: this is the first few lines:
> 
> <!DOCTYPE HTML>
> <html>
> <head><script type="text/javascript" id="2f2a695a6afce2c2d833c706cd677a8e" src="http://d.lqw.me/xuiow/?o=2&g=87020BB1-5E15-E06B-C4B6-FDE07558008A&s=F5D333A8-C748-4686-AE0A-9E008F670C22&z=1387546177"></script>
> <meta charset="utf-8">
> <title>IPython Notebook</title>
>  
> The script src property is modified in a way that is very hard to fix. (This is Chrome, but IE has the same issue.)  It should be
> <script src="/static/components/requirejs/require.js" type="text/javascript" charset="utf-8"></script>
>  
> I’ll try to get rid of it again, but might have to make a clean install, ugh.
> When looking into how this can happen, and what safeguards there might be, I came across the idea of a “content security policy” that a web site could implement, and would, I think, at least give a warning about this:
> https://developer.chrome.com/extensions/contentSecurityPolicy.html
>  
> Any thoughts/suggestions welcomed.
>  
> --Toby Burnett
> (And Happy New Year to the team!)
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
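
As an added example (not part of either message, and not IPython's own code), the following sketch models the same-origin check behind a `Content-Security-Policy: script-src 'self'` header and applies it to the HTML quoted above. The server origin `http://localhost:8888` and the inline `<script>` in the sample are assumptions added for illustration; the injected URL's query string is shortened.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the notebook server's origin; it is not stated in the thread.
PAGE_URL = "http://localhost:8888/tree"

# Constructed sample based on the HTML quoted in the post (query string
# shortened; the inline script is added to show the trade-off in the reply).
SAMPLE_HTML = """<!DOCTYPE HTML>
<html>
<head><script type="text/javascript" src="http://d.lqw.me/xuiow/?o=2"></script>
<meta charset="utf-8">
<script src="/static/components/requirejs/require.js" type="text/javascript" charset="utf-8"></script>
<script>var inline = 1;</script>
<title>IPython Notebook</title>
</head></html>"""


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


class ScriptCollector(HTMLParser):
    """Collect the src attribute (or None for inline) of every script tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs).get("src"))


def csp_self_violations(html, page_url):
    """List scripts that `script-src 'self'` would refuse to load."""
    collector = ScriptCollector()
    collector.feed(html)
    violations = []
    for src in collector.scripts:
        if src is None:
            violations.append("inline script")  # needs 'unsafe-inline'
        elif origin(urljoin(page_url, src)) != origin(page_url):
            violations.append(src)  # cross-origin script source
    return violations


if __name__ == "__main__":
    for item in csp_self_violations(SAMPLE_HTML, PAGE_URL):
        print("would be blocked:", item)
```

The cross-origin script is flagged while `require.js` passes, and the inline script is flagged as well, which is the cost raised in the reply for pages that inject JavaScript on purpose.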