Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Advertising

Backdoor Found In OpenX Ad Platform 43

Posted by Soulskill from the eroding-what-little-trust-exists dept.
mask.of.sanity writes "A backdoor has existed for at least seven months in a platform sold by OpenX, the self-described global leader of digital advertising which counts the New York Post, Coca Cola, Bloomberg and EA among its customers. The backdoor was contained within the official OpenX package and recently removed. Security researchers say it meant those who downloaded the compromised software could have provided attackers full access to their web sites."
This discussion has been archived. No new comments can be posted.

Backdoor Found In OpenX Ad Platform More

Backdoor Found In OpenX Ad Platform

Comments Filter:

  • OpenX makes an interesting example of a technically open-source project that fails to benefit from open-source much at all. It's GPL'd, but they don't support any kind of public development (no public revision-control systems or anything), and they even make you register to download the source [openx.com]. The page where you do so mostly just tries to convince you not to do so. A third-party site mirrors the open-source version [opensource.be] for no-login downloads, but it seems just out of personal interest, since he's the developer of a predecessor to OpenX. It's not clear there is anybody who cares about this codebase or ever looks at it outside the company. Hence, technically open-source, but trying as hard as possible not to be.

  • Everything has "Hidden Backdoors" in it... (Score:3, Interesting)

    by dryriver ( 1010635 ) on Tuesday August 06, 2013 @04:10PM (#44490461)
    ... its just a question of how long it takes - how many months or years - for the backdoor's existence to become public knowledge. ---- Once the backdoor is revealed to be there, of course, the whole thing is spun as an "unintentional software/system vulnerability". ---- Nobody ever admits that the backdoor was put where it is very much on purpose, and WITH/FOR a purpose... =) My 2 Cents...

  • Re:interestingly, has always been open source (Score:4, Interesting)

    by Karzz1 ( 306015 ) on Tuesday August 06, 2013 @04:16PM (#44490515) Homepage
    While there are certain hurdles, there certainly is an officially supported revision-control system: https://svn.openx.org/ [openx.org]

    Having said that, I don't see much there that is newer than the official "community" release.

  • Re:interestingly, has always been open source (Score:5, Interesting)

    by wimg ( 300673 ) on Tuesday August 06, 2013 @06:11PM (#44491705) Homepage

    I'm the third party you're talking about, the developer of phpAdsNew. Sadly, things took a turn for the worse when the company OpenAds (now OpenX) decided to make a business out of the advertising server. Although they've made a lot of money, the open source version has been neglected completely.

    I put the download page online because I didn't like the fact that you had to register, but I'm haven't been involved in the project since 2002, so there's not much I can do about this shameful bug.

Slashdot Top Deals

The hardest part of climbing the ladder of success is getting through the crowd at the bottom.

Close