Worm Exploit Distributed by Advertising Network
Zocalo writes "Given that a lot of Slashdot readers also check The Register, it's important to note that their Internet advertising provider, Falk AG, was compromised by the BOFRA exploit yesterday. The Falk AG service has been suspended by The Register and a statement from Falk AG is due on Monday. The upshot is that if you visited the Register yesterday morning and use IE as your browser, then you probably need to run a full virus scan with up to date data files. Of course, those of us running other browsers and something like AdBlock have nothing to worry about. Again." You're OK for now if you're running SP2. There's also a good security writeup about the problem.
.. falkag.net are the second entry in my ad filter, right after doubleclick
Hopefully the Register, being an excellent IT news service, will provide an answer to that question.
Professor Karmadillo Songs of Science
Sad thing was the company was based in the Netherlands so it wasn't even worth pursuing legally... but if you are on the net, you aren't safe. MS products are more insecure, but you should always take steps to protect yourself, like keep the OS and applications up to date, etc etc
Agile Artisans
I guess I should stop using Lynx then! It's unethical since I don't see images.
Strange comment, now that Google does picture adverts. Admittedly they're not very common to spot, but they are out there; quite a few Google image adverts pop up on a forum I frequent.
If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue.
I just wanted to make this comment. One of the SP2 versions trashed my computer so bad when I ran it. And I'm still suffering from the effects. Such effects include freezing on websites for minutes at a time. Installing it also took my computer like 10 minutes to boot if I remember correctly.
If you can get an anti-virus program, do it. It's better than nothing.
I hate third party ads. www.tvtome.com serves one malicious ad, unless they took care of it already. If I remember correctly, the "ad" kept asking me to do something, in which I had to end up killing the IE6 process to stop it. But I run an ad blocking program most of the time. I really hope websites switch to text ads, like Google does.
AdBlock is unethical [...] Extensions and programs like AdBlock are tantamount to theft
It's kinda ironic that a lot of the ads on tech sites are advertising anti-spyware/pop-ups/ads/adware/spam tools, isn't it?
Maybe if these companies agree with you that the use of these tools constitute fraud/theft, then they should stop advertising them.
It's not the first time this has happened either, see this article relating to an incident that happened back in September with Falk AG.
Never email donotemail@WeAreSpammers.com
It's not quite so clear cut as that, though. As I see it:
For adverts:
- Running a web site costs money. The guys running it might even want to make a living
- hiring good writers is expensive
- Advertising money is a proven revenue source for media outlets
- subscription sites don't seem to be a popular option
but, against that:
- The adverts many sites run are overly intrusive and bandwidth-intensive
- people who block adverts probably aren't the kind of people who are going to take notice of them anyway
- just cramming more and more adverts down the throats of consumers is not a sustainable policy: eventually, everybody will block them because it's impossible to read anything on the web otherwise.
But, sites have to be paid for somehow. Do you have any suggestions of alternative profit models for web sites?
Penny-arcade seems to get by well enough on its merchandise, advertising, freelance art work etc revenue, for example. I'm not sure how well that scales to smaller sites, though.
I have found a nifty IPTABLES Bash Script generator that you can use any plaintext blocklist with. Check it out here: http://www.bluetack.co.uk/converter/index.php You can use the blocklist manager from their site and build a blocklist using multiple sources and generate a bash script to import the deny rules to IPTABLES. And of course for the Windows users there is Protowall (Buggy) which is a driver level packet filtering firewall which you can enter a custom blocklist into also.
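As an added example (not part of the comment above and not the Bluetack converter's own code), this is roughly what such a generator does: it reads a plaintext blocklist and prints a script of iptables deny rules, validating each entry so that nothing but an address reaches the generated script. The list format (one IPv4 address or CIDR per line, `#` comments) and the chain name `BLOCKLIST` are assumptions.

```shell
# Added example: emit iptables deny rules from a plaintext blocklist.
# Assumed list format: one IPv4 address or CIDR per line, '#' starts a comment.
CHAIN="BLOCKLIST"   # hypothetical chain name

# Succeed only for a well-formed IPv4 address with an optional /0-32 prefix.
valid_entry() {
    entry=$1
    case $entry in
        */*) addr=${entry%%/*}; prefix=${entry#*/} ;;
        *)   addr=$entry; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read a blocklist on stdin and print a rule script on stdout. Entries that
# fail validation are never copied into the output script.
gen_rules() {
    echo "iptables -N $CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        if valid_entry "$line"; then
            echo "iptables -A $CHAIN -s $line -j DROP"
        else
            echo "skipped invalid blocklist entry" >&2
        fi
    done
    echo "iptables -I INPUT -j $CHAIN"
}

# Constructed sample list: two usable entries and three deliberately bad ones.
sample_blocklist() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.7   # single host
203.0.113.9; reboot
300.1.1.1
10.0.0.0/33
EOF
}
sample_blocklist | gen_rules
```

The script only prints rules; review the output before running it as root, since a blocklist pulled from a third party is untrusted input.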
Last time I read about Microsoft's buffer overflow protection implementation in Windows XP Service Pack 2, they were talking about the NX bit present in page entries when the PAE mode was active in AMD x86-64 processors. Even though that protection exists in the new AMD x86-64 processors' MMUs, Intel P4 as well as older AMD processors do not yet support that bit, which means that processes running over them do not get any page-based protection against code execution, even while running SP2.
However I see many people trusting their lives on SP2's protection even without processor support, and I don't see Microsoft willing to clarify this issue either, so I'm starting to believe that probably there is something else that I am not aware of in SP2 which simulates the same kind of protection on processors without hardware support.
Is SP2 really protecting against stack smashing (for example) on processors without hardware support for non-executable pages? Or is it just general ignorance that Microsoft exploits for their own profit?
The upshot is that if you visited the Register yesterday morning and use IE as your browser.
A few years ago I would have laughed at anyone who said something like that and just ignored it as paranoia by someone who didn't really know much about computers and security or who had been watching too many hacker films. Of course you can't get a virus from visiting a web page, that's just stupid; who would allow such insane breaches of security? But Microsoft saw a market: they realised that since most people believed you could get a virus that way, why not match their products with people's expectations? Next Slashdot poll should be who uses IE and why...
This comment does not represent the views or opinions of the user.
If they're still using an older OS, that's tough shit for them.
There's going to be a lot of corporate computers running win2k. There's going to be some running WinNT. Times have been pretty tight, upgrading computers for some businesses isn't going to be the top priority. A lot of them don't need to upgrade. If you're using an as/400 session (or similar telnet type app) and email, a P2 with 128MB and winNT is fine, and that covers a lot of people out there.
A chap on the dslreports site said it best with regards to spyware and adware.
MS should have thought more deeply about Java and the sandbox concept. Whoever was over there that thought it would be cool to let IE do things to your computer at the command of a remote web site, and whoever signed off on that idea, was either nuts, or totally inexperienced. They shipped (and evidently still ship) a trojan writer's dream toolbox and guarded it with kittens.
I fix companies' computers for a living. You would not believe the sheer number of spyware shit these people inadvertently and apparently on purpose install!
I've found in my daily rounds throughout this country that the amount of work people actually do is inversely proportional to the amount of spyware they have on their machines.
You can preach and teach to these people but they don't get it. IE BAD! Chrissakes people. How many 3 and 4 hour bills am I going to have to send you for each machine before you finally get it?
Ok, I can give you specifics.
I think the problem is caused by some incompatibility between SP2 and my wireless LAN card's drivers. It doesn't happen if I don't have the card in there. I need to use the card, so there isn't anything I can do to work around this problem. Unfortunately for me the manufacturer hasn't released any patches to the (buggy I'm sure) drivers. From what I've gathered online they rely on an undocumented interface in Windows that was broken by SP2.
BTW, uninstalling and reinstalling SP2 didn't help. Microsoft's site actually acknowledges the problem with the blue screens and the specific DLL updated by SP2 that causes them, but they don't have any patch available yet.
Unfortunately frames are also extremely useful.
I can do things with frames (and especially with iframes) that I can't do otherwise in HTML.
Admittedly this is because my personal HTML skills suck - I learned HTML in 1993 and haven't really caught up since..
However, the websites my company does its selling on are written by very proficient HTML developers and they still use iframes. They do so because it's the best tool for achieving their aims.
So feel free to stop using frames, even iframes, and block sites that require them. Just don't expect many sites to work afterwards.
Of course, that won't stop you getting hit by malicious banner ads. You'll need to block those or switch browser whether you accept frames or not..
~Cederic
If you visit the Falk AG website, there is nothing on the exploit. The management clearly doesn't know what to do with the problem - otherwise they would have posted a full explanation by now. Ah well, I guess they need some time to wiggle themselves out of this one.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Perhaps some of us use locked down PCs in our workplace and have no choice but to use IE as a browser.
Backup not found: (A)bort (R)etry (P)anic
The fact that this attack happened
or,
The Register editors sacrificed their sacrosanct weekends to post the warning story.
Any regular reader would see that most of the stories abruptly stop at Beer O'Clock on Friday [4 p.m. roughly, depending on British Sunshine].
Due to the regular lack of stories over the weekend, I think the number of readers exposed would have been much less. If it had happened about this time [Monday morning London time] a lot more people would've been exposed.
[% slash_sig_val.text %]
There's not a single thing flamebait about this. Because MaelstromX said something you didn't like, you modded him down. Censorship at its finest.
Re:AdBlock is unethical (Score:-1, Flamebait) by MaelstromX (739241) on Sunday November 21, @08:02PM (#10884143)
Well you can keep attacking that straw man argument if you want but it has nothing to do with AdBlock. If a commercial web site operator knew that a user had AdBlock installed, they would NOT agree to the terms of that user accessing the website, not only wasting bandwidth but acquiring the content contained on the website (which costs money to produce). Their website, their rules. Nobody is forcing you to go, you can leave at any time -- or you can stay and use unethical methods to make your visit slightly more convenient. And all of you bitching about it being within your rights to view content how you want, blah blah blah, shut up already. I am addressing the ethical wrongness of AdBlock -- you are stealing bandwidth and content without also viewing the means for which the web site creates enough revenue for the web site to sustain itself.
-- As a side note, observe what happens when you go against slashbot groupthink: Due to excessive bad posting from this IP or Subnet, comment posting has temporarily been disabled. If it's you, consider this a chance to sit in the timeout corner.
Wheel in the sky keeps on turnin'.