Major ISPs Injecting Ads, Vulnerabilities Into Web

Slashdot

Major ISPs Injecting Ads, Vulnerabilities Into Web 0

Submitted by Rebecca Bug on Saturday April 19 2008, @04:30PM

Rebecca Bug writes "Several Web sites (Wired, eWEEK, WaPo) are reporting on Dan Kaminsky's Toorcon discussion of a serious security risk introduced when major ISPs serve ads on error pages. Kaminsky found that the advertising servers are impersonating, via DNS, hostnames within trademarked domains. "We have determined that these injected servers are, in fact, vulnerable to cross-site scripting attacks. Since these servers are being injected into your trademarked domains, their vulnerability can be used to attack your users and your sites," Kaminsky said, identifying EarthLink, Verizon and Quest among the ISPs."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Major ISPs Injecting Ads, Vulnerabilities Into Web

Load All Comments

Search 0 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

"Don't discount flying pigs before you have good air defense." -- jvh@clinet.FI

Major ISPs Injecting Ads, Vulnerabilities Into Web More Login

Major ISPs Injecting Ads, Vulnerabilities Into Web