HTML5 Ads Aren't That Safe Compared To Flash, Experts Say (softpedia.com)

← Back to Stories (view on slashdot.org)

HTML5 Ads Aren't That Safe Compared To Flash, Experts Say (softpedia.com)

Posted by BeauHD on Thursday June 23, 2016 @12:05PM from the contrary-to-popular-belief dept.

An anonymous reader writes: [Softpedia reports:] "A study from GeoEdge (PDF), an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The company argues that for video ads, the primary root of malvertising is the VAST and VPAID advertising standards. VAST and VPAID are the rules of the game when it comes to online video advertising, defining the road an ad needs to take from the ad's creator to the user's browser. Even if the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections. These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users." The real culprit is the ability to send JavaScript code at runtime, and not if the ad is a Flash object, an image or a block of HTML(5) code.

4 of 108 comments (clear)

Min score:

Reason:

Sort:

Re:you brought this on yourselves by Crashmarik · 2016-06-23 12:15 · Score: 4, Informative

When people bitched and moaned about ordinary banner ads and started blocking them, advertisers started making ads more intrusive. We could still have simple animated GIF ads except that you freeloaders started blocking them to begin with. Those ads were harmless but, thanks to all of you who had to go and block those ads, we're now stuck with malware and far more intrusive advertising. Thanks a lot for ruining the internet for everyone.
B.S.
http://abcnews.go.com/Business...
http://www.foxnews.com/story/2...
X10 Pop Under ads ring a bell ?
And what do you know the fist example of Malvertising is Flash
https://en.wikipedia.org/wiki/...
HTML is still better than Flash by Anonymous Coward · 2016-06-23 12:19 · Score: 4, Insightful

With HTML5 ads, the attack surface is the browser. With Flash, the attack surface is the browser plus the Flash plugin.
1. Re: HTML is still better than Flash by Short+Circuit · 2016-06-23 14:33 · Score: 5, Informative
  
  You could build the browser without video support. Actually trivial to do on Gentoo...
  Gentoo. Not just for ricers.
  
  --
  tasks(723) drafts(105) languages(484) examples(29106)
It's never been about the specific tech by FireballX301 · 2016-06-23 12:21 · Score: 4, Insightful

A bad ad network is a bad ad network, whether they're sending out flash units, html5 units, or putting up billboards on a highway overpass. A middleman injecting malware doesn't care what the underlying tech is, they care about if the network vets their shit on delivery.

Nobody with a brain thought HTML5 was 'more secure' than Flash in of itself.