Is that attack possible over https, without compromising a CA or a local hack like sslStrip? If a page is doing secret stuff over http it's even more broken.
>> "The usage of HTTPS in combination with HSTS can reduce the effectiveness of QI. Also using a content delivery network (CDN) that offers low latency can make it very difficult for the QI packet to win the race with the real server."
It's not clear to me how it is possible over https only sites without forging a certificate or MITMing the connection. The new content would have to be encrypted with the correct key.
If indeed this is possible then the internet is totally broken. "Reduce the effectiveness" implies that it is still possible though.
