Slashdot Mirror


HTML5 Ads Aren't That Safe Compared To Flash, Experts Say (softpedia.com)

An anonymous reader writes: [Softpedia reports:] "A study from GeoEdge (PDF), an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The company argues that for video ads, the primary root of malvertising is the VAST and VPAID advertising standards. VAST and VPAID are the rules of the game when it comes to online video advertising, defining the road an ad needs to take from the ad's creator to the user's browser. Even if the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections. These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users." The real culprit is the ability to send JavaScript code at runtime, and not if the ad is a Flash object, an image or a block of HTML(5) code.
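The point in the summary about where code enters the video ad delivery path can be made concrete. The following is an added example, not code from the story or from GeoEdge's study: a small auditor that walks a VAST response and reports the two places where something other than passive media reaches the player, namely VPAID/executable `MediaFile` entries and `Wrapper` redirects to another ad server. The sample VAST document, hostnames and the `audit_vast` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed VAST 3.0 response (not from the GeoEdge study): one inline ad with a
# passive MP4 and a VPAID JavaScript unit, plus one wrapper that redirects to
# another ad server. All hostnames are placeholders.
SAMPLE_VAST = """<VAST version="3.0">
  <Ad id="inline-1"><InLine><Creatives><Creative><Linear><MediaFiles>
    <MediaFile delivery="progressive" type="video/mp4" width="640" height="360">
      https://cdn.example.test/spot.mp4</MediaFile>
    <MediaFile delivery="progressive" type="application/javascript" apiFramework="VPAID">
      https://cdn.example.test/unit.js</MediaFile>
  </MediaFiles></Linear></Creative></Creatives></InLine></Ad>
  <Ad id="wrapped-2"><Wrapper>
    <VASTAdTagURI>https://thirdparty.example.test/vast?id=2</VASTAdTagURI>
  </Wrapper></Ad>
</VAST>"""

# MIME types the player runs as code instead of decoding as media. Flash and
# JavaScript both appear here: the format is not what separates safe from unsafe.
EXECUTABLE_TYPES = {"application/javascript", "application/x-javascript",
                    "text/javascript", "application/x-shockwave-flash"}


def audit_vast(xml_text):
    """Return (ad_id, finding, url) for each point where code or a redirect enters."""
    # xml.etree is not hardened against hostile XML; use a hardened parser
    # when the ad tag comes from an untrusted source.
    root = ET.fromstring(xml_text)
    findings = []
    for ad in root.iter("Ad"):
        ad_id = ad.get("id", "?")
        for mf in ad.iter("MediaFile"):
            mime = (mf.get("type") or "").strip().lower()
            api = (mf.get("apiFramework") or "").strip().upper()
            url = (mf.text or "").strip()
            if mime in EXECUTABLE_TYPES or api == "VPAID":
                findings.append((ad_id, "executable-media", url))
        # A wrapper hands the rest of the chain to a server the publisher never vetted.
        for tag in ad.iter("VASTAdTagURI"):
            findings.append((ad_id, "wrapper-redirect", (tag.text or "").strip()))
    return findings


if __name__ == "__main__":
    for ad_id, finding, url in audit_vast(SAMPLE_VAST):
        print(f"{ad_id:10} {finding:18} {url}")
```

The MP4 entry is not reported; only the VPAID unit and the wrapper are, whichever creative format the ad uses.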

5 of 108 comments

  1. Re:you brought this on yourselves by Crashmarik · · Score: 4, Informative

    When people bitched and moaned about ordinary banner ads and started blocking them, advertisers started making ads more intrusive. We could still have simple animated GIF ads except that you freeloaders started blocking them to begin with. Those ads were harmless but, thanks to all of you who had to go and block those ads, we're now stuck with malware and far more intrusive advertising. Thanks a lot for ruining the internet for everyone.

    B.S.

    http://abcnews.go.com/Business...
    http://www.foxnews.com/story/2...

    X10 Pop Under ads ring a bell?
    And what do you know, the first example of Malvertising is Flash
    https://en.wikipedia.org/wiki/...

  2. Ad blockers by Anonymous Coward · · Score: 3, Informative

    Use them. There is literally no reason not to.
    Time and again we have seen that ads are used to inject malware.
    Why even take the risk?
    I'd rather fuck a stranger without a condom than browse without noscript and adblock.

  3. And firefox sucks by Anonymous Coward · · Score: 0, Informative

    Not that long ago, firefox allowed the user to tick a box and disable javascript, which protects the user from almost all exploits. Very easy to use.

    Then the mozilla people decided this was a bad idea and removed the option entirely.

    You now have to download, trust & configure a third-party plugin to block javascript.

    Maybe they will rethink their decision.

  4. Re:HTML is still better than Flash by Anonymous Coward · · Score: 3, Informative

    But I can just not install flash. What's the best way to get rid of html5 video?

  5. Re: HTML is still better than Flash by Short+Circuit · · Score: 5, Informative

    You could build the browser without video support. Actually trivial to do on Gentoo...

    Gentoo. Not just for ricers.