Slashdot Mirror
Hackers Use Banner Ads on Major Sites to Hijack Your PC
The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software. And the ads do their dirty work even if you don't click on them.The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory." CT: Link updated to original source instead of plagerizer.
....porn sites
I hope whoever is doing this eventually gets theirs.
What goes around comes around.
So now I need to buy penis-enlargment pills AND and anti-virus.
"A gentleman never strikes a lady with his hat on." - Fred Allen
That's why Firefox+NoScript+AdBlock Plus+Flashblock were invented
root@127.0.0.1
I've never come across one of these ads. In fact, I rarely get ads as I use the Adblock Plus plugin for Firefox. This just gives even more reason to ban advertisements entirely. Thanks!
ilovegeorgebush
I ran into one of these buggers while surfing news sites. Since I had many tabs open I'm not sure which one featured the poisoned ads, but I was fairly surprised when my Firefox 2 running under Leopard started coughing up fake, Vista-style dialogue boxes and floating window ads, as if I were using a common gutter computer like a Dell.
These stories are free but worth money.
Some people complain about Firefox AdBlock? Sheesh.
Note to self: remember to program Adblock to reject everything from DoubleClick from now on, on all home computers.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
I use these exclusively, are there reports that this method gets by them? I know that if the ad is blocked, it isn't downloaded, but is that all it takes, download the ad and you have the virus?
/.
Sounds like a reason to just block all double-click items...
I don't enable flash/scripts on any page unless it is needed -- like scripts for
Sig? What's a Sig?
to Guantanamo Bay
Great, now we can await a round of finger pointing to begin over who is liable.
Windows Vista Help Forum
The "let's ban it" attitude seems awfully familiar. Are you a member of the US, UK, or EU parliament by any chance?
Like it or not, but advertising generates (directly and indirectly) the revenue that drives the Internet. When advertisement is passive, and does not attempt to hijack your computer, it is theoretically an win-for-all scenario: the advertisers get their clients, the consumers get their products, and the sites that host the advertisement get their costs and expenses covered.
The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal.
...and since those sites outsource to Doubleclick, they'll point a finger at them. Doubleclick will no doubt point the finger at some previously-unheard-of company that "solicits advertisements for the Doubleclick network", and they'll point the finger at their "client."
Meanwhile, The Economist, MLB, Canada.com, etc won't take responsibility for the content they present on their website (after all, they chose to use Doubleclick, they chose to put advertisements on the website, they chose not to require approval of ads before they were shown on their website, etc.) Funny how everyone is trigger-happy when it comes to copyright, but when it comes to content they present causing harm, it ain't theirs, eh? :-)
Doubleclick, of course, won't accept responsibility for vetting advertising distributed via their channel (which seems like a standard business procedure for, oh, an advertising network?) The only comfort is the mechanism of the free market: if website users get pissed enough, said websites might put pressure on Doubleclick or leave them altogether. That's bad for Doubleclick business, so maybe Doubleclick will consider vetting ads better, or run checks to see that flash code doesn't do certain things, etc. Then again, if the malicious banner ad suppliers are paying good enough money, Doubleclick may be perfectly happy to issue a press release "apologizing" and keep right on doing business as usual.
Please help metamoderate.
The flibby link is identical to this Wired blog post by Betsy Schiffman, dated four days earlier.
but does it work on Linux.
This isn't news... except perhaps to those who ridicule us folks who disable javascript for security reasons.
When I'm faced with unexpected modal dialog boxes on web pages I don't click any of the buttons -- instead I close the dialog box by clicking the corner "X." I don't even trust a "cancel" button. In the video demonstration, the user always clicked a button, even when "okay" was the only choice.
Not that it lessens the threat by much, but I wonder if the attack could've been thwarted simply by clicking that little "X" in the corner instead of a button.
This is a good enough reason for ISP's concerned about security to block DoubleClick. You spam the net with bad referrals you get binned. Also think of the traffic that would get binned, way better than blocking p2p.
Do it for a month and DoubleClick and their ilk will be extra sure about not hosting bad stuff.
I'm sure Google will fix it all when they take over Doubleclick. After all, they've never had unexpected results with AdWords!
Right, we all use Adblock and the like. Yet, you can't force everyone in the vicinity to do so, there are lesser minds who opt for Opera, and there's even a tiny portion of giants on Links -- and let's not even mention how low SOME folks can fall.
I would say that adzapper (if you use squid) or a DNS-based blacklist is quite mandatory wherever you do have a say. Glancing at the logs of ISPs I have root at, roughly 1/4 of all freaking http requests go to lowlifes -- and even that based on my grossly incomplete list of ad/spyware/tracking scum.
Yeah, 25%. That's horrible.
And there are some customers dumb enough to complain if you do protect them from ads, so you can't do this in an ISP scenario. But in a company, school or family? Hell yeah, there's no reason for doubleclick.com to get through, ever.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
I had an ad pop up on a website I was viewing on a work computer. The site was legitimate and appeared that somebody had used a DoubleClick banner to attempt to exploit my machine. I clicked the x button to close the window but it took me to the malware site anyway. It really freaked me out. I had to close Firefox completely with a series of Alt+F4 hits. Thank goodness I was using portable Firefox instead of the outdated IE the company tries to force us to use or I would definitely be screwed. I just hope it didn't do any damage to my machine.
Does anybody have any information on what this malware does to your machine?
Nothing to see here, please move along.
Technological Darwinism in action.
I want to delete my account but Slashdot doesn't allow it.
OK, so it's not just me! I have an XP (sp2) box that I've kept trim and clean for ~5 years now, until I got hit with one of these a week ago.
It happened just as described in the article, and I've had a HELL of a time trying to clean it off. I managed to get rid of the primary symptoms (ie. - notices that my hard drive had "junk" on it, linking to sales sites for SystemErrorFixer and PCPrivacyTool), but was left with a residual effect (virus?) that the resolution of network names on my internal network were directed first to an external IP address of extremely dubious pedigree.
None of the common tools (ie. - AVG, SBS&D, unHackMe, Smitfraud killers, CA anti-virus, MS OneCare, etc.) were able to even SEE this, let alone remove it, so I've settled on a format/reinstall.
Interesting that the article mentions Canada.com, as I live in Toronto, and use their TV listings daily.
This has been going on since flash 8 was released with a vulnerability. I got hit by this about a year ago, maybe a little more.
Suddenly windows security center, that I routinely turn off because I can't stand the nagging, started up and told me that my computer was insecure and that I should go to a certain website and buy their virus defender software.
Not very subtle to a savvy person like myself, but I imagine some people would fall for it.
The box also started throwing up connection error message boxes, presumably because my external firewall were blocking outgoing connection attempts. Again not subtle, but it's an uncommon setup for a home user.
Third, it must have rooted the box somehow because certain files became invisible. "test.exe" among them. Renaming a textfile to text.exe would make it disappear, and the folder would be unremovable. Cygwin came to the rescue there. Also I noticed only because I happened to have lots of little crap programs laying around.
The virus scanners did not pick up on this.
This is the only time I have actually contracted a virus. Needless to say I hosed the box (PING is not disk image). What I learned from the experience is that knowing your system is way more effective than a virus scanner, and B) don't trust flash which is how I got the damn thing. I thought I was safe with firefox.
Content providers need to be responsible for the content of the ads posted on their sites - that's a given. TFA indicates that these content providers (the people behind NHL.com, for example) simply received payment for these ads via credit card or wire transfer and then posted the content. If these sites used a network television model, they would have intimate relationships with the advertisers and would work together to provide less offensive and more effective ads. I don't think they need to go that far (network television ads are far from perfect, although they are quite effective), but clearly MLB.com and NHL.com need to be held responsible for the content on their sites, and hopefully this will encourage better cooperation between site hosts and advertisers.
Use Adblock... the "stealing money from webmasters tool" :P awwwwww por little webmasters
I'm pretty sure it does because I had to wait 30 seconds for any page of Slashdot's to render fully yesterday because Firefox was busy waiting for ad2.doubleclick.com or somesuch subdomain of theirs. The current page source certainly has doubleclicky ads.
Now, granted, the malware distributors typically tag ads for subjects not often seen on Slashdot (but I get them on, e.g., the Sinfest comic - huh, imagine that).
I'd say it's about time Doubleclick (that's you, Google, if you finally get to say you did indeed acquire it and everybody OK'd the deal.) gets held a little more responsible for this sort of thing being done through their network for which they collect money.
This is going on prety much since the beginning of the (http-based) web as we know it, first by browser exploits then by flash and activex and whatever else
definetly not news
here's a list of the sites that contained the malware:
100it.info, 10smi.info, 2greatfind.com, 2quickfind.com, 3akoh.net, Ad2cash.net, Ad2profit.com, Adcomatoz.com, Adgurman.com, Adhokuspokus.com, Adnetserver.com, Adredired.com, Adsolutio.com, Adtraff.com, Adverdaemon.com, Adverlounge.com, Adzyclon.com, Alg-search.com, Alhoster.com, Aligarx.biz, All-search-it.com, Alphatown.us, Anmira.info, Anonymbrowser.com, Antivirussecuritypro.com, Aptprog.com, Art-earn.biz, Astalaprofit.com, Autodealer-search.com, B2adz.com, Bazaard.com, Belkran.com, Belshar.com, Bestadmedia.com, Best-biznes.info, Best-cools.info, Bestdatafinder.com, Besteversearch.com, Bestpharmacydeals.com, Best-screensavers.biz, Bestsearchnet.com, Bestshopz.com, Bestwm.info, Bestwnvmovies.com, Bezzz.info, Bi-bi-search.com, Bizadverts.com, Bizmarketads.com, Blessedads.com, Bm-redy.com, Bovavi.com, Brandmarketads.com, Bucksinsoft.com, Burnads.com, Cancerno.com, Candid-search.com, Carpropane.com, Cashloanprofit.com, Casinoaceking.com, Casinoby.com, Casinodealsgalore.com, Cha-cha-search.com, Cheap-auto-deals.com, Checkstocklist.com, Chushok.com, Clever-at-search.com, Clubheat.info, Come-from-stars.com, Co-search.com, Creamme.net, Cryptdrive.com, Cyndyk.info, Deuscleanerpay.com, Didosearch.com, Diphelp.biz, Dmitry-v.info, Doma2000.com, Durtsev.com, Easybestdeals.com, Energostroj.com, Enothost.com, Eroticabsolute.com, Errordigger.com, Errorinspector.com, Evrogame.info, Fandasearch.com, Fantazybill.com, Fastwm.info, Fastzetup.info, Fati-gati-search.com, Favourable-search.com, Favouriteshop.com, Feel-search.com, F-host.net, Fifaallchamp.com, Fight-arts.com, Fileprotector.com, Findbyall.com, Firstbestsearch.com, Firstlastsearch.com, First-ts.com, Foamplastic.net, Fokus-search.com, Force-search.com, Forceup.com, Forex-instruments.info, Forvatormail.com, Freepcsecure.com, Freerepair.org, Freetvnow.net, Friedads.com, Fulsearch.com, Getfreecar.com, Gibdd.us, Glass-search.com, Glorymarkets.com, Gosthost.net, Great4mac.com, Greyhathosting.com, Gt-search.com, Hackerpro.us, Hardlinecenter.com, Hebooks-service.com, Hintway-international.com, Homeofsite.com, Hromeos.com, Hyip2all.org, Icq-lot.org, Iddqdmarketing.com, Ideal-search.com, Idea-rem.com, I-forexbank.biz, I-games.biz, Imamis.net, Individ-search.com, Information-advertising.info, Infyte.com, Initial-search.com, Insochi2014.com, Installprovider.com, Internetadaultfriend.com, Internetanonymizer.com, Internetsupernanny.com, Intervarioclick.com, Investmentsgroup.org, Invulnerableads.com, It-translation.biz, Izol-tech.com, Kamerton-tests.com, Kazilkasearch.com, Keytooday.com, Keywordcpv.com, Kiridi.net, Kpoba.net, Kurgan45.info, Ladadc.com, Lanastyle.com, Ldizain.info, Libresystm.com, Liders.biz, Linii.net, Liveclix.net, Loffersearch.com, Londasearch.com, Lovecraft-forum.net, Loveopen.info, Lseom.biz, Luckyadcoin.com, Luckyadsols.com, Mad-search.com, Magicsearcher.com, Mailcap.info, Manage-search.com, Marketingdungeon.com, Mass-send.com, Max-expo.net, Maxyanoff.com, Mediatornado.com, Mega-project.biz, Megashopcity.com, Mightyfaq.com, Misc-search.com, Mobilesoftmarketing.com, Mobiletops.com, Mobilorg.org, Moneycometrue.com, Moneypalacecash.com, Mounthost.net, Myfavouritesearch.com, Myhealth-life.org, Myonlinefinance.com, Mysurvey4u.com, Mythmarketing.com, Mytravelgeek.com, Myusefulsearch.com, Napol.net, Navygante.com, Netmediagroup.net, Netturbopro.com, Newbieadguide.com, Nryb.com, Of-by.info, Olgalml.com, Ol-search.com, Onedaysoft.com, Onestopshopz.com, Onwey.com, Opensols.com, Original-search.com, Osetua.com, Osminog.org, Parischat.org, Passwordinspector.com, Pcsoftw.com, Pcsupercharger.com, Performanceoptimizer.com, Piramidki.com, Podelkin.info, Popadprovider.com, Popsmedia.com, Popupnukerpro.com, Postcity.info, Prenetsearch.com, Prevedmarketing.com, Prizesforyou.com, Pro-dom.info, Propotolok.info, Pro-svet.info, R2d2adverising.com, Radiosfera.net, Rocktheads.com, Roller-search.com, Rombic-search.com, Rus-invest.net, Rusnets.info, Russia-post.com, Sajruen.info, Samson-pro.com, Sauni.net, Se7ensearch.com, Search-and-win.com,
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Still, griping aside it's good to see this hijack getting a higher profile. However, I had a note from someone who had come across a hijacked banner on Yahoo! just today, so it's clear that the banners are still out there.
Banner hijacks for this type of rich media ad are not a new problem. It's not a problem you generally see with good old fashioned GIF and JPG banners, or plain text ads.
Never email donotemail@WeAreSpammers.com
all the more reason to set up a host file
http://www.mvps.org/winhelp2002/hosts.htm
This explains a lot. A couple of times recently on Allmusic.com, I've had some spyware-malware.com (or some such thing) make a pop-up box on me. I was very confused as to why a legit site like allmusic would have that happen. Sites need to start being concerned about this kind of thing or they're going to start losing traffic.
Flash has always been an insecure resource hog.
Unfortunately, I think a lot of folks get talked into using flash on their sites by web designers who just want to maximize billable hours. Often their sites fail at the basic function of conveying information because they don't include HTML versions of the information people are looking for. A great example are bands with tour information in Flash only. Most of the artists don't even know about the problem. Unfortunately the people who answer webmaster@site are often those reaping the cash rewards of flash-only implementations.
I don't allow flash in my primary browser and also disable javascript. I won't visit websites that require Flash. Just say no.
I've seen shit as brazen as this for decades. Most notably the sort of poorly-constructed pop-ups that leave me thinking, "That would fool my mom. I need to warn her." When confronted by this sort of criminal code, I open the task manager and dump the browser entirely. Sure, I lose every tab I have open, and everything I was doing up until that point, but oh well. NEVER click OK if it's NOT OK.
to block doubleclick
Adblock, hosts file, iptables, surfing the net with lynx, etc. Pick a method you like and enjoy life without doubleclick.
Everyone is cheering for AdBlock when they read this, but why is it ok that a browser can install spyware, viruses, etc when you are browsing a web page? Shouldn't this be something that can only happen on sites that you explicitly permit or upon agreeing to a dialog asking if it's ok to run a given program? If you can experience this problem with double-click, then you can experience the same problem with any web site out there, so I'd much rather see us fixing the security holes in various browsers.
So after so many years I just now installed ad block plus. I never went through with it before because I would occasionally click on an ad... maybe every other month? I never felt bad about it because those ads were usually on the developer sites that I use constantly... if clicking their ad can give them a few cents and give me some information I need, I've more than paid for my individual usage of their site.
But if the biggest names in advertising cant keep their act together, then I just don't see how anyone can justify allowing ads any longer.
~Phil
The risks of client-side scripting that use unsafe languages (including Flash and its ActionScript) make the extra functionality not worth it to me. If you want to be safe, disable scripting and live without it, or use NoScript. I hope some day scripting will become safe, but it clearly isn't now.
From TFA: The malware looks like a ordinary Flash file, with its redirect function encrypted, so that when publishers upload it, the malware is not detectable.
.swf file. If you don't like that policy, then you can find another distributer for your ads. If your actionscript is so convoluted or obfuscated that doubleclicks programmer can't figure it out, then you can wait in line until the programmer can figure it out, or you can simplify it.
All Doubleclick has to do is require the actionscript source code for all ads. There is *no good reason* for an advertiser to hide anything from doubleclick. Send doubleclick your sourcecode. They will compile it into a
Problem solved.
When you find a company that allows people to use their copyrighted material however they want, and also takes responsibility (monetarily and apologetically both), for their own mistakes, let me know. And they have to still be in business, that is..
the common denominator in all this is MS-Windows, get rid of windows (if possible) and you will be much better off with an immunity from this sort of infection, use some variation of *nix (BSD of Linux) and as others in this article commented using AddBlock & NoScript extensions on Firefox is your best bet at stopping this sort of thing...
Politics is Treachery, Religion is Brainwashing
Sigh
Since I can't trust any of the buttons in a pop up, I usually close them using the red X square, We call it the "Go Away Box" around here, so I've forgotten its given name. Will this work for this kind of ad? I am thinking it's safe because my OS is putting that button on a frame around the ad's window.
Note to self: remember to program Adblock to reject everything from DoubleClick from now on, on all home computers.
I use Adblock and NoScript on Firefox. Doubleclick is the first site on the block list in both apps. That's why I couldn't figure out why Google wanted to buy them.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
FYI - Flash can call javascript within actionscript code. The only reason to use flash for this hack is to hide the javascript code from reviewers, since it's illegal to decompile an swf.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
(First, Slashdot: why does the Reply button for a new comment have to be a button? I want to reply in a new tab, and I can't open a new tab from a button.)
Now the main issue: What's up with the article link? hhttp:wwwwiredcomtechbizmedianews200711doubleclick doesn't look like any URL I've ever seen.
This is a sig. Deal with it.
Someone broke the link
Because the link is invalid (missing all punctuation marks in the URL) and nobody even notices.
The one in the article is broken
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
There's a related hole in Google Maps, an "open redirector", that allows this exploit. Here's an example:
Caution - hostile URL Close the page displayed; don't click on anything on it. .
Note that it fools Slashdot, and most link scanners in spam filters, into accepting the URL as leading to "google.com". But, in fact, it redirects to the "malware-scan.com" hostile site, which will try to install an Active-X control.
We've been finding attacks like this up with SiteTruth, by using PhishTank information to down-rate sites that have open redirectors. We've found open redirectors on Google and AOL. They're actively being exploited.
So we're currently down-rating Google, and AOL.. It may seem drastic to downrate an entire major site because they have a few "minor" exploits. PhishTank itself only blacklists specific hostile URLs. But that's no longer enough. Most modern phishing attacks use a unique URL, and often a unique subdomain, for each user attacked. SiteTruth thus takes a harder line. If a domain hosts something one of the data sources says is an attack, it downrates the whole domain automatically.
It's within the power of the site operator to close such security holes. We encourage them to do so.
Yeah, I immediately thought of a set of malicious ads that triggered an IFRAME exploit back in 2004. The Register found them on their own site, pulled the ads and apologized to their readers. The Internet Storm Center did a pretty good write-up of the incident.
The problem isn't unique to Doubleclick. It exists anytime you have multiple parties producing dynamic content for a site. The producers of Malware seek out every opportunity to inject their slime onto the net. If you have a forum, guestbook or allow comments on blogs, you will get hit by bots trying to find ways to inject malware into a post. The people playing this game buy expired domains and fill them with malware garbage.
If you look at the logs for any web site, you will probably find hits from malware distributors trying to find ways to hack in and inject their poison.
I suspect that thousands of links on posts from slashdot go to sites that try to do wrong. Undoubtedly the purveyors of malware have probably tried to inject their slime into Wikipedia.
I don't think the game of declaring any site that allows third party creatives an enemy of the people will solve the problem. A better approach to blocking sites like Doubleclick is to try and engage the people allowing third party creatives to develop better ways to monitor and reduce the malware problem.
We also have to accept that there will never be a perfect way to stop malware and the creators of malware are very good at adapting.
In reality, these kind of attacks have been happening for years. Netcraft first reported on banner network hijacking more than three years ago, in August 2004, and cited similar attacks that may go back as far as 2001. High-profile sites that have been affected almost from the start. In November 2004, the web sites of The Register, NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital were used to distribute malware.
"hhttp:wwwwiredcomtechbizmedianews200711doubleclick"
Is so not a valid url.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I have three low-end Dells running Linux.
They say they'll be waiting for you in the parking lot.
Sent from the iPad I found in your car.
And speaking of "trigger-happy", you seem to point the finger right back at the Web sites for not inspecting the ads and the underlaying code. Well, that's what they hire DoubleClick for,
And who decided to hire DoubleClick, instead of (as you mention) Google AdSense or a hundred other advertising networks, all of varying reputation, levels of annoying-ness, etc? Who negotiated the terms of the contract, which could have required vetting of ads by Doubleclick? Who had the power to chose between text, GIF, and Flash based ads? Who benefits financially from the presentation of those ads?
So, again tell me who is responsible for ME getting an infected PC visiting that website? If GM makes a car and the wheel falls off because Bob's Bolts sold them defective bolts, I can still sue GM for selling me a car on the reasonable assumption that GM would test bolts before putting them in a hundred thousand vehicles...and GM made the decision to buy from that particular supplier.
The way the world works is: I sue GM. GM then sues Bob's Bolts for damages (ie to reputation, the money they had to give me and spend on legal defense, cost of recall, etc.) Bob's Bolts then may sue Smith's Steel for selling them crappy steel.
Or, in this case: I sue The Economist for infecting my machine. The Economist turns around and sues Doubleclick for providing malicous ads. Doubleclick may then turn around and sue the company that made the malicious ads, for violating the terms of contract with Doubleclick specifying no malicious content...
Please help metamoderate.
...the monkey punches you.
I'm not sure if the adware/spyware is so discriminating that it can tell your custom-built, water-cooled, polished wood super-duper high-end PC from an ordinary Dell machine. At the end of the day, your machine has pretty much the same CPU chip (from Intel or AMD) and mostly the same motherboard chips.
However, it's worth noting among large corporations that look for a three-year life out of their computers, Dell is the leading provider of hardware. Among which tech community are "Dells are renowned in the tech community as often technically poor machines stripped down to bargain components in order to keep the sticker price low".
PayPal has a "Virtual Debit Card" that you can use to access your PayPal account. Prior to downloading the software, you're asked to verify your system requirements. If everything checks out, you can then download and install the software.
Here's the rub - when you click on the "Download Now" button, it actually sends you to DoubleClick.net site. Then the DoubleClick.net site redirects you back to the PayPal site and starts downloading the application. If you have DoubleClick.net blocked in your hosts file, like I do, then you can't download the software.
Why?
It is so that DoubleClick.net can plant a first-party cookie, spy on your activities, direct advertisements to you... PayPal has just submitted ALL your information AND the fact that you use PayPal, AND the fact that you purchase stuff online, AND, AND, AND... Then DoubleClick.net can target you for highly targeted advertisements.
This is just unconscionable. PayPal deserves all the flame they're gonna get over this one.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Thanks to OpenDNS I can filter the worst of the worst advertising systems BEFORE the even reach my home! So it does not matter WHAT OS or browser you use. That way I can protect EVERYONE in my home from that DoubleClick crap!
Personally I feel that Flash adverts are too invasive. There is no need to use Flash! Animated GIF and other eye-catching techniques are far more effective.
And the WORST are the Flash adverts that make NOISE!!!! I find that just plain offensive!
I have been afraid of the ad servers, not only for the parasite risks, but also the stall.... ie adhosts actually have the site they are hosted on by the balls.. that is, if the ad don't load, the page don't load. Restrict the ad serving and you shut down most websites.. That is unless users engage in ad blocking.. and this nice hosts file looks good to me. Anyone warn against trying this?
What does this word mean? Do you mean, "banned"?
Dog is my co-pilot.
That's not what I heard.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Finally a chance to get spammers out of business:
1) consumer class action suit against the large hosting web site(s)
2) in defense large hosting site has to sue DoubleClick
3) in defense DoubleClick has to sue the life out of the spammers.
Just another reason I am on the Microsoft colonic program!
Linux Mint
Firefox
Adblock Plus
No Script
Customize Google
Safe Cache
Safe History
Couldn't be happier with Mint, Open Office, Compiz, Thunderbird, etc.!
The hardware is not the problem.
You are being MICROattacked, from various angles, in a SOFT manner.
I think its bad enough that ads install spyware on your computer for the purpose of recording your usernames across different sites... I wouldn't mind so much if it was just marketing statistics they were generating... but when they call me on the phone about my anonymous posts...
So which agency determines which company has the right to install spyware on our computers?
The whole issue of banner ads, spam in your inbox, etc., is DON'T CLICK THE LINKS! DON'T PATRONIZE THEM! You donkoft!
I think the video said it rather succinctly by demonstrating the idiot went and clicked on a banner ad. Sorry I didn't see anything unusual that I don't normally see and I click the RED X to get rid of it.... or better yet; stop using Internet Exploder!!!
Firefox rulz!!
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
If you have a couple of computers on your home network, then a centralised way of achieving the same thing would be to run your own DNS server.
http://www.deer-run.com/~hal/sysadmin/dns-advert.html
Also beware system slow downs when using the windows DNS client combined with a large hosts file.
That Java also have to be fixed. It is sligtly better, but signed sites can do anything they want to your computer (it's a feature, not a bug!).
Browsers should block plugins by default.
Rethinking email
I was reading economist.com a few days ago and had two of these things pop-up... kind of scary actually... I guess I have to dial one click back on usability, and one click up on security... sigh...
..there's a decent use for the law system, this might be one of those times. They would vett the ads better once they lost a big class action lawsuit, along with all the bad publicity.
Oh hay cheeseburger. Nice troll, not that it's hard on slashdot. You should come back to k5 where there's more of a challenge, it's totally not dying or anything.
My thoughts exactly. As soon as I saw this thread I searched for allmusic and found your post... I knew I couldn't be the only one.
LOL! Ok, sure... lesser minds like to surf faster, & more securely, than they do with other browsers (AND, have all the features other browsers needs addons (which MAY or MAY NOT BE SECURELY CODED mind you)) to do!
Evidences?
====
SECUNIA DATA ON BROWSER SECURITY (dated 10/20/2007):
====
Opera 9.24 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
* NETSCAPE 9.0.0.3 also qualifies here, as does Opera, with 0% unpatched known bugs/issues!
----
FireFox 2.0.0.9 security advisories @ SECUNIA (25% unpatched):
http://secunia.com/product/12434/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (40% unpatched):
http://secunia.com/product/12366/
----
Those %'s are the latest for FireFox 2.0.0.9, Netscape 9.0.0.3 (decent one but not as natively fully feature packed without addons as Opera is, nor is it as fast overall), & IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.24...
All latest/greatest models.
So, as you can see?
Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here:
http://nontroppo.org/timer/kestrel_tests/
Opera's just more std.'s compliant, faster, & more secure than the others... so, "where do you want to go today?"...
APK
P.S.=> We "lesser minds" of the net can only present the evidences noted above, vs. your great name-tossing wisdom... lol! apk
Here's yet another redirection exploit on Google, reported in a Symantec security bulletin. This one exploits redirection in the "I'm Feeling Lucky" feature.
Tonight I visited Yahoo mail.
My browser window shrank and moved, and a pop-up window wanted me to visit http://scanner2.malware-scan.com/3_swp/?aid=threw6ar_ma3&lid=&ax=1&ed=2&mt_info=4961_3078_11003 in order to rid my computer of viruses and malwares...
Beef.