Major ISPs Injecting Ads, Vulnerabilities Into Web

Posted by timothy on Saturday April 19, 2008 @10:28AM from the do-you-feel-violated dept.

Rebecca Bug writes "Several Web sites (Wired, eWEEK, The Washington Post) are reporting on Dan Kaminsky's Toorcon discussion of a serious security risk introduced when major ISPs serve ads on error pages. Kaminsky found that the advertising servers are impersonating, via DNS, hostnames within trademarked domains. 'We have determined that these injected servers are, in fact, vulnerable to cross-site scripting attacks. Since these servers are being injected into your trademarked domains, their vulnerability can be used to attack your users and your sites,' Kaminsky said, identifying EarthLink, Verizon and Qwest among the ISPs."

3 of 116 comments (clear)

Min score:

Reason:

Sort:

I first read it as... by doublee3 · 2008-04-19 10:37 · Score: 4, Funny

I first read it as "Major ISPs Injecting Aids", but then found I wasn't very far off.
1. Re:I first read it as... by ohtani · 2008-04-19 12:48 · Score: 2, Funny
  
  You took the words right out of my mouth there. "Aids? What?" *click* "Oh, Ads... Wait no, they meant Aids"
  
  --
  Pancakes. Oh I blew it.
its easy as... by Anonymous Coward · 2008-04-19 10:43 · Score: 2, Funny

forgetting the whole http protocol forever and dusting off the good old Gopher, I bet no ISP has any idea on howto inject into THAT :)