Backdoor Found In OpenX Ad Platform
mask.of.sanity writes "A backdoor has existed for at least seven months in a platform sold by OpenX, the self-described global leader of digital advertising, which counts the New York Post, Coca-Cola, Bloomberg and EA among its customers. The backdoor was contained within the official OpenX package and recently removed. Security researchers say it meant those who downloaded the compromised software could have provided attackers full access to their web sites."
OpenX makes an interesting example of a technically open-source project that fails to benefit from open-source much at all. It's GPL'd, but they don't support any kind of public development (no public revision-control systems or anything), and they even make you register to download the source. The page where you do so mostly just tries to convince you not to do so. A third-party site mirrors the open-source version for no-login downloads, but it seems just out of personal interest, since he's the developer of a predecessor to OpenX. It's not clear there is anybody who cares about this codebase or ever looks at it outside the company. Hence, technically open-source, but trying as hard as possible not to be.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Ha-ha-ha.
At work we have a PC which runs with no ad-blocking. Opening a web site often involves staring at a blank window for thirty seconds or more with a status bar saying something like 'Waiting for ads.bollockx.com'.
If the web wasn't such an ad-infested Swamp Of Suck, people wouldn't be blocking them.