Google AdSense Click Fraud Made Possible By Uncloaking Advertisers' Sites

An anonymous reader writes: A Spanish researcher claims to have uncovered a vulnerability in the security procedures of Google's AdSense program which would allow a third party to manipulate clicks on Google's syndicated ad service by 'de-cloaking' the obfuscated advertiser URLs that Google AdSense placements provide as links. He has also provided downloadable PHP files to show the exploit in action.

Java != javascript

[agm]

The document mentioned in the summary repeatedly uses the term "Java" when they mean "javascript". That's such a rookie mistake that it's difficult to take anything else they say seriously.

Re:Java != javascript

[JustAnotherOldGuy]

The document mentioned in the summary repeatedly uses the term "Java" when they mean "javascript". That's such a rookie mistake that it's difficult to take anything else they say seriously.

Yeah, mixing up "java" and "javascript" is kind of a conversation-stopper as far as I'm concerned. It makes my Credibility-O-Meter drop into the negative numbers.

What he's outlined may well be true, but damn, that's is the kind of mistake that makes you wince.

Re:Java != javascript

It's absolutely not. Look at Figure 1 of the PDF you linked. They show JavaScript code (that is clearly identified as such for someone who doesn't even know what it is), but call it Java code. They even go on to call JavaScript files Java files. These are two totally different things. I didn't bother reading any more, but I am sure this is consistently wrong throughout the paper.

Re:Java != javascript

Meh... half the people on this site still use the term "hacker" over "cracker."

Re:Java != javascript

[Xenx]

that's is the kind of mistake that makes you wince.

I don't know if I should laugh or wince at that mistake.