Major ISPs Injecting Ads, Vulnerabilities Into Web

Rebecca Bug writes "Several Web sites (Wired, eWEEK, The Washington Post) are reporting on Dan Kaminsky's Toorcon discussion of a serious security risk introduced when major ISPs serve ads on error pages. Kaminsky found that the advertising servers are impersonating, via DNS, hostnames within trademarked domains. 'We have determined that these injected servers are, in fact, vulnerable to cross-site scripting attacks. Since these servers are being injected into your trademarked domains, their vulnerability can be used to attack your users and your sites,' Kaminsky said, identifying EarthLink, Verizon and Qwest among the ISPs."

Re:Verizon

[rmerry72]

The opt-out instructions don't work, at least here in eastern Massachussetts. And there's no way to complain about it short of calling tech support and waiting on hold for 40 minutes.

I'm sure you could opt-out by cancelling your Verizon service. Since you haven't then this "service" is worth what you pay for it. See: the free market works - you get the service you want.