Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pop-Under Deception and Private Property

Posted by CmdrTaco on from the sleeping-in-the-bed-you-made dept.

RogerRamjet98 writes "I was browsing the web today and I got hit with a pop-under ad. Annoying but no big deal, right? Wrong. This one managed to change my home page to (CT:Link removed. Why would we send these dicks traffic?) Which pretends to be yahoo, and is convincing enough to fool the average computer user, but is really a platform for launching more pop-under ads. Combine this with the AOL/WinXP news, and it makes me think that the settings on my computer ought to enjoy legal protection as private property: Changing them without my permission (such as adjusting my home page, or whatnot) should constitute assault or trespass." Or turn of JavaScript. Or don't run IE. But good luck on that trespass case. With a history of laws like the DMCA, Uncle Sam can only make it worse.

5 of 103 comments (clear)

  1. Re:Malicious JavaScript by q-soe · · Score: 3, Interesting

    Actually this is a common problem and growing more so at the moment - it was only on warez sites and porn sites but is increasingly common. The other night i was involved in 'ahem' warez surfing (i know i know) and came across a link i thought looked good, clicked on it and copped 12 popup windows (yep i expected it and should have) what i didnt expect is a changed home page and 10 new favourites not to mention that lovely code that locks a window at full screen and you cant close it - you have to CTRL-ALT-DEL

    no warnings and no question - this can be done and according to my developers is really easy to do - and as these days to get all web pages to work you need to use IE- theres not a lot of choice - of course you can lock it down but that means many things wont work properly anyway - so whats the solution ?

    someone come up with an answer for this ? PS popup killer doesnt work with My IE - i use cable and of course it doesnt work as its a customised version.

    So any ideas ? (please dont advise me to change to Mosaic or Netscape or opera as i cannot do that with my cable provider (i love opera but it wont work properly with most of my plugins without playing and i dont see the point of having a broadband link and a crippled browser - i spend my days playing with servers and dont want to spend my nights configuring browsers - this is why i dont use linux at home)

    --
    I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
  2. Technical Details by Self+Bias+Resistor · · Score: 3, Interesting

    Are there any people (who have enough knowledge of Internet Explorer or the Windows OS in general) how this could be achieved? I find it very disturbing that such settings (such as your browser's home page) could be altered remotely without your permission, which could constitute a breach of computer security. As far as I know, (depending on your jurisdiction) there isn't any specific legislation that marks your computer's settings as your private property. The only thing you can do is, like Taco said, disable JavaScript or don't run IE. Which makes sense anyway.

    --

    ----------
    When the pin is pulled, Mr. Grenade is no longer our friend.

  3. And which dicks would those be? by devphil · · Score: 5, Interesting


    Granted, I agree that we shouldn't send "those dicks" any traffic. And I agree that companies who do this sort of thing are indeed dicks. And I also agree that it would be most amusing to see an entire /. comment page referring to an unnamed corporation only as "those dicks" because we don't have a name or a domain.

    But it would also get old quickly. So, Taco, what's the name of the organization whose link-to you removed? Not a domain or anything, just a noun that we can use instead of "those dicks."

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  4. Where's the script? by Anonymous Coward · · Score: 1, Interesting

    Could someone post the script that changed the home page (suitably neutralized, of course)? I know of no way to change someone's home page without permission; if such a way exists, it would be a bug.

    I suspect the poster was tricked into approving it, but is too proud to admit it... its seems the usual reaction to being duped is to cryout, "there outta be a law..."

  5. Arghh... make up your mind... by killbill · · Score: 3, Interesting

    So when somebody portscans my system, I can't prosecute them because they "did nothing illegal". Even if they root my box, I can't prosecute because they "were just exposing how flawed my security system is"...

    When somebody distributes a copy of an MP3 ripped from a licensed piece of music, it's OK because you would not have bought the album anyway ;) and information wants to be free.

    But somebody changes your homepage, and suddenly it's a job for the federal government.

    BTW, the DCMA, as stupid and flawed as it is, probably gives you some legitimate avenues to address this sort of offensive behavior.

    I know the DCMA is the only reason you won't be seeing those dreaded "smart links" in the next version of Internet Explorer.

    --
    Mathematically impossible requirements are technically not against policy.