Slashdot Mirror
Worm Exploit Distributed by Advertising Network
Zocalo writes "Given that a lot of Slashdot readers also check The Register, it's important to note that their Internet advertising provider, Falk AG, was compromised by the BOFRA exploit yesterday. The Falk AG service has been suspended by The Register and a statement from Falk AG is due on Monday. The upshot is that if you visited the Register yesterday morning and use IE as your browser, then you probably need to run a full virus scan with up to date data files. Of course, those of us running other browsers and something like AdBlock have nothing to worry about. Again." You're OK for now if you're running SP2. There's also a good security writeup about the problem.
This is a really big problem. Okay, so its Register and they realized this and stopped it. But we visit so many other websites - how are we to know which one of those ad providers are infected and which are not?
Sheesh, where is accountability? Blame the sysadmins, blame the software, pity the customer. Lather, rinse repeat.
Maybe site owners will start moving or demanding text-based ads (like Google's)?
Rock that crushes, Paper & Scissors that don't matter.
how many ie users have switched to sp2 ,yet ?
Trolling using another account since 2005.
You're OK for now if you're running SP2.
Ummm... My Win machine is running SP4. Oh, you mean XP SP2. Not on my machines, man... The highest I'll go on my personal machines is 2k.
Aside, you left out another browser of very worthy note. Oh, well, make that two.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
Utter drivel. I suppose you think that it is "theft" to change the channel on the TV when adverts come on, as well. Is it also "theft" to turn the page of a magazine without looking at the adverts on it? As far as I am concerned, advertising is a form of pollution. It reduces the visual beauty of the environment and I don't want to see it.
flossie
Write now. Defend liberty
"Extensions and programs like AdBlock are tantamount to theft; you are acquiring the content but not "paying" for it by loading the advertisements."
Um, it is clearly *your* problem if your website's cash flow relies on wasting my bandwidth with advertisements.
Your supposed 'right' to profit does not extend to the point where I have to bend my life around your profit model. Thanks.
... but if you are on the net, you aren't safe...
/. about another piece of malware, there is always the refrain: "Does not affect Mac users". Unless you are running some proprietary vertical app, why still suffer Windows? What computing JOB can be done in Windows that can't be done as well or better by a Mac or Linux?
Unless you are a Mac user that is. Every time there is anything in the news or
All theory is gray
You're a troll, but I'm biting even so.
We are under no obligation to play by whatever crooked-up business model a company cooks up. Unless I sign/click an agreement to view the ads, they don't have a legal leg, nor a moral one for that matter, to stand on.
They offer a web-page because they have something to say. I select how to view it. What more is there to it?
I guess you're ok with printer cartridge prices too? After all, its 'their business model' and not following it would be 'theft of service and fraud'?
"" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
Hmm, Seing as we can have "laws" which make it illegal to fast forward through a commercial on your device, it seems it would be a trivial matter to make it illegal for you to do this on your DNS server or with your hosts file...
There was never any agreement between me and the website admins that I had a limited license to view the content predicated by my looking at ads. Websites that are on the internet are free to the consumer, unless explicitly stated otherwise.
Ceci n'est pas une sig.
:wq!
I still see the adds on penny arcade because they are small enough it's not worth my effort to block them, and occasionally something interesting comes up.
:\
I see no adds here because they are huge flash obscenities for Microsoft FUD campaigns.
You want clickthroughs? Rethink your ad placement policies. (If I could select as a pref nothing but text adds for Linux/Unix/Hardware with _informational_ content - I might well see adds on Slashdot. And you might get paid more that the 0 you get for me at present.)
The thing that pisses me off most of course is that the ultra lightweight version still has the heavy and blotated flash/animated adverts
Beep beep.
Yes it's a lie. They haven't suspended the service. When I first contacted the Falk AG support team in Germany they were clueless. It took them several hours before I received a response after I'd sent them an e-mail documenting the attack and where the exploit was on their site. I forwarded the same e-mail to several people at The Register too. Later today the article appeared on their site. I don't think The Register had any idea what was going on until much later. The original infection was in http://f.as-eu.falkag.net/server/asldata.js?rdm=01 684246 which was ad based just below the banner. What's there now is I think just data mining.
Bitter and proud of it.
Put it this way: Firefox offers pre-WinXP users a *free* path to being secure. Microsoft forces them to spend a significant amount of money.
No, the latest version for EVERYONE is IE6 SP2. If they're still using an older OS, that's tough shit for them. You can't say "Well the latest version of Windows is XP, but some people decided not to upgrade so the latest version for them is 2000." It just makes no sense.
Yet another disadvantage of tying the web browser to the OS. Atleast the latest versions of Opera and Firefox run on Windows 95 just fine.
Besides, I don't think IE6SP2 runs on Windows 2003 Server. What do you have to say to users of that OS?
Perhaps I would say stop surfing the net from the server, O Master of Secure Computing.