Slashdot Mirror


Backdoor Found In OpenX Ad Platform

mask.of.sanity writes "A backdoor has existed for at least seven months in a platform sold by OpenX, the self-described global leader of digital advertising which counts the New York Post, Coca Cola, Bloomberg and EA among its customers. The backdoor was contained within the official OpenX package and recently removed. Security researchers say it meant those who downloaded the compromised software could have provided attackers full access to their web sites."

4 of 43 comments

  1. interestingly, has always been open source by Trepidity · Score: 4, Interesting

    OpenX makes an interesting example of a technically open-source project that fails to benefit from open-source much at all. It's GPL'd, but they don't support any kind of public development (no public revision-control systems or anything), and they even make you register to download the source. The page where you do so mostly just tries to convince you not to do so. A third-party site mirrors the open-source version for no-login downloads, but it seems just out of personal interest, since he's the developer of a predecessor to OpenX. It's not clear there is anybody who cares about this codebase or ever looks at it outside the company. Hence, technically open-source, but trying as hard as possible not to be.

    1. Re:interestingly, has always been open source by Karzz1 · Score: 3, Interesting

      While there are certain hurdles, there certainly is an officially supported revision-control system: https://svn.openx.org/

      Having said that, I don't see much there that is newer than the official "community" release.

      --
      Beware of he who would deny you access to information, for in his heart he dreams himself your master.
    2. Re:interestingly, has always been open source by wimg · Score: 5, Interesting

      I'm the third party you're talking about, the developer of phpAdsNew. Sadly, things took a turn for the worse when the company OpenAds (now OpenX) decided to make a business out of the advertising server. Although they've made a lot of money, the open source version has been neglected completely.

      I put the download page online because I didn't like the fact that you had to register, but I haven't been involved in the project since 2002, so there's not much I can do about this shameful bug.

  2. Everything has "Hidden Backdoors" in it... by dryriver · Score: 2, Interesting

    ... it's just a question of how long it takes - how many months or years - for the backdoor's existence to become public knowledge. ---- Once the backdoor is revealed to be there, of course, the whole thing is spun as an "unintentional software/system vulnerability". ---- Nobody ever admits that the backdoor was put where it is very much on purpose, and WITH/FOR a purpose... =) My 2 Cents...

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.