Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security Advertising Privacy Software The Media News

Malvertising Campaign Hits MSN, NY Times, BBC, AOL 159

An anonymous reader quotes an article on Help Net Security: In the last couple of days, visitors of a number of highly popular media outlets including the NY Times, the BBC, and Newsweek have been targeted with malicious adverts that attempted to install malware (mostly ransomware, but also various Trojans) on their systems. The websites themselves weren't compromised as the problem was with the ad networks these sites use -- Google, AppNexus, AOL, Rubicon. The ad networks were tricked into serving malicious ads to the visitors.
This discussion has been archived. No new comments can be posted.

Malvertising Campaign Hits MSN, NY Times, BBC, AOL

Comments Filter:
  • Ad Blocking (Score:5, Insightful)

    by Anonymous Coward on Wednesday March 16, 2016 @11:30AM (#51707969)

    And then they'll tell us to please unblock them so they can make money on our misfortune.

    • Re:Ad Blocking (Score:5, Insightful)

      by Sax Russell 5449D29A ( 4449961 ) <sax.russell@outlook.com> on Wednesday March 16, 2016 @11:47AM (#51708145)

      I always thought their pleas to unblock their sites should reflect reality: "Please let us serve you malware!"

      Malware distribution via ad networks is a very old an well-known scheme. It would be stupid not to block all ads. As no point can effectively be made without a car analogy; would you not wear your seatbelt if the owner of the road came to you with such plea?

    • Re: (Score:3, Insightful)

      by wulfhere ( 94308 )

      Here's an idea: How about someone writes an ad blocker that DOWNLOADS the ads, just like normal, but simply does not RENDER them on the screen, or execute any code? Seems like the best of both worlds: users that don't want to see the ads don't see them, and websites still get paid, since there's no way to tell if they actually got shown?

      • by AmiMoJo ( 196126 )

        A lot of ads need the Javascript to run in order to display these days. If the Javascript fails they make sure the actual site content doesn't load either.

        • by wulfhere ( 94308 )

          Interesting. Perhaps run the Javascript in a sandbox, but still don't display the resulting ad?

          Oh well, perhaps the liability here needs to fall on the ad networks that are serving up malware without scanning it first. Sort of like if CBS started airing advertisements from some Evil Overlord that caused brain hemorrhages in people who viewed the ads...

          • If I use an ad network to serve up ads I'm still responsible for the content that goes out under my site's name. It doesn't matter that I've outsourced it to a third party.

            • I'd say so, yes. However, I don't see any way to make that mean anything in the real world. You're going to have a hard time proving that you got that malware from your visit to Vladimir's House of Russian Boobs instead of the New York Times (which has served malware), and if you can prove it good luck suing and collecting.

      • by cweber ( 34166 )

        Here's an idea: How about someone writes an ad blocker that DOWNLOADS the ads, just like normal, but simply does not RENDER them on the screen, or execute any code? Seems like the best of both worlds: users that don't want to see the ads don't see them, and websites still get paid, since there's no way to tell if they actually got shown?

        Won't work anymore. Big advertisers want proof that their ad was seen, via Double Verify or similar, and only pay for ads that were in front of users for a certain amount of time. Javascript and CSS make this easy to measure, and hard to work around.

        • The good news is that with a script blocker you also effectively cut out the malicious ads while still allowing the non-exectable ads to come through. This, to me, is a good compromise as it still allows for ad supported content from ad vendors that don't use obnoxious/dangerous ads.

          No need for an ad blocker unless your actual motivation is just to not see ads period

          • I tried that. It turned out that the sites I used started using lots of third-party scripts. I'm willing to accept that, but I can't tell the difference between a source that makes the site work and one that makes the ads work. I installed AdBlock Plus, and simply don't surf where I'm explicitly not welcome.

      • Downloading the ads but not displaying them is still stealing and wasting my bandwidth. The best solution is to simply block them.

      • Huge waste of bandwidth. That's a large problem with ads is that the amount of information and processing to serve up the ads is often greater than the actual content that the user wanted. If someone is on dialup this would be a horrible option to have.

        Another problem is that this is deceptive. You're telling the ad agency that you saw the ad when you didn't, money changes hands, etc. Then the web site learns that this ad service is making it some extra money so it keeps the ad service, drops its plans t

      • by grub ( 11606 )

        Here's an idea: How about someone writes an ad blocker that DOWNLOADS the ads, just like normal, but simply does not RENDER them on the screen, or execute any code?

        There is an extension called Ad Nauseum [github.io] that does what you seem to want. Check it out.
      • When you block an ad and the website doesn't get paid, it only costs them a few cents of bandwidth to serve it to you anyway.

        If you block an ad and the website still gets paid anyway, it'll cost the advertiser anywhere from $1 to $3+ for every false click, less but still quite a bit for every false impression. Soon, they'll refuse to pay the website any further because they get no return on their massive advertising spending.

        The status quo is a carefully balanced arms race. They know that some portion of vi

  • by Anonymous Coward

    And this is exactly why we need to run adblockers.

  • by QuietLagoon ( 813062 ) on Wednesday March 16, 2016 @11:30AM (#51707981)
    I need to protect myself from their security incompetence.

    The websites themselves weren't compromised

    The ads appeared when I visited those websites, therefore it appears the websites are responsible for spreading the malware.

    • "The ads appeared when I visited those websites, therefore it appears the websites are responsible for spreading the malware."

      And if they tell us to switch off our adblocker, it's aiding and abetting.
      Somebody has to sue those idiots some time.

    • by Aighearach ( 97333 ) on Wednesday March 16, 2016 @11:58AM (#51708225) Homepage

      These companies forget why google exists, why they are successful. In the 90s, there were 2 choices; use an add aggregator and get lots of malware, or manage all the ads in-house and lose money because it isn't your core competency and is hard. Google was the one that didn't shop the ads out to fourth parties, they didn't let advertisers choose the HTML code. That meant no malware.

      Users who don't have their own protection will rightly blame the website who exposed them. The scammers basically "are" the NY Times. It is like signing an "online power of attorney" when you let external ad networks choose what HTML you'll serve from your site. They won't ask for that ability in the first place because they have good intentions. If they had good intentions, they'd just want to provide their media, instead of code.

      Not only are they responsible for what they serve, they explicitly chose to give these people the power to do this.

      • by Dr. Evil ( 3501 )

        Search engines in the late 1990s were being trashed by SEO companies. Yahoo's manual curating of the Internet (haha) couldn't keep up. The standard crawler/keyword search tools were generating page after page of useless results.

        Google exists because they had a different algorithm. The fact that they managed their ads carefully is one of the very many reasons they're still relevant... but their existence is entirely because of their search engine.

        • I think the grand parent is talking about how Google became the dominate online ad company, not how it became the dominate online search company.

          Those who two separate events, both important in making what Google is today.

      • by AmiMoJo ( 196126 )

        It's a shame that anti-virus companies are so spineless. If they really wanted to protect their users they would integrate ad blocking into their products, and then start to aggressively push blocking of third party scripts and frames. Add some tracker blocking like the EFF's PrivacyBadger.

        • by Rob Y. ( 110975 )

          Actually, it's not the ad that compromised the computers - it's the piece of software that the ad prompted the users to download and install. Presumably antivirus software could protect against that without blocking the ad. I assume malware that hijacks a computer is illegal, and presumably ad networks don't accept ads anonymously (or do they?). If so, how do they get paid? It shouldn't be too hard to track down someone trying to distribute malware this way...

        • From my perspective as somebody not usually using anti-virus they seem like very different products, and I wouldn't want them merged.

          And when I'm using a virus-scanner professionally, I don't want one that does extra stuff and has extra data to download.

          Also, the virus scanner I would use changes over time. In the 90s, I would just use the McAfee free FTP server (password: ftp123, discontinued many years ago). Then for awhile Norton was the only one that worked well. These days I use AVG. I don't want them

    • Ads are served from other networks through a really long and overly-complex system of stuff I don't care enough about to explain. Basically, they sell page space to other companies and set it up so those companies can inject their content into the site. Those advertising companies were compromised which caused the ads they provided to deliver the malware. "BBC" wasn't hacked but their ads were. The average user won't really know the difference, and because it's all so convoluted and everybody is sleeping wi
    • by tnk1 ( 899206 ) on Wednesday March 16, 2016 @12:11PM (#51708355)

      It is sort of a Catch-22 for the providers. They get money from the ad networks, who are all compromised, but have no way of stopping what is served themselves.
      So, the right solution is to block ads.

      However, if the ad blockers aren't turned off, they get no money from the ad networks.

      Ultimately it is the ad networks who are responsible, and no one is able to hold them accountable except maybe some top flight content providers.

      It would be better for the content providers if they could just shut off ads and find another way to pay for creating their content, but no one wants to reach into their wallets and pay money to do so.

      The one thing that the ad networks do is that they do tend to make getting money to content providers a more simple matter than attempting to obtain and keep subscribers. Subscribers aren't sticker shocked for paying $10 for a site that they just wanted to read one story on, so the general public is paying indirectly by buying products and paying into a pool of advertising money.

      • by AmiMoJo ( 196126 )

        It is sort of a Catch-22 for the providers. They get money from the ad networks, who are all compromised

        Not at all. Google text ads have never been compromised, not least because they only let you set text and no images or Javascript etc. Sure, you get less money, but at least you don't open yourself up to massive financial liability for all the PCs you damage.

        You can also serve the ads yourself if you are big enough, manually vetting each one. Again, you get less money, but soon it will be the only option as everyone starts blocking.

        • by tnk1 ( 899206 )

          I agree that the non-obtrusive ads, like Google's, are generally safer almost by definition.

          However, there is a reason there has been a rush to completely shit up content with flashing, in your face, Javascript and Flash ads. There's a lot of money in text advertising (a fact that Google has taken to the bank), but there's a lot of money being left on the table without ads that catch the eye better.

          I tend to think of the "acceptable" ads campaigns like the ad blockers are doing is sort of like the Washingt

          • Advertisement is a huge waste of resources:

            Companies spend a part of their profits to spread subjective (i.e. false) information.
            This is paid for in the end by the consumers themselves, as the advertising budget is paid from the profits.

            So we as consumers pay, to get annoyed, to get our time wasted, and to get false information.

            Advertisement is a plague of humanity, I'll do everything to shield myself from it.

        • Agreed. The BBC, New York Times, and Newsweek are all large enough to handle advertising themselves. They're much larger than the average clueless blogger hoping to earn enough money from ads to quit his day job.

      • It would be better for the content providers if they could just shut off ads and find another way to pay for creating their content, but no one wants to reach into their wallets and pay money to do so.

        Google contributor is an attempt to do that.
        Personally, I've found that for most websites, when they complain about my ad blocker, I realize I don't really want to go there anyway. My time has been saved for better things.

      • It's not a catch-22. The problem is that they insist on maximizing profits. So instead of serving up their own advertising like a responsible corporation they farm this job out to whichever ad agency provides the best monetization. The simple way to control what ads are presented on your web site is to choose the ads yourself. It's how television, radio, and print media all work.

    • by Falos ( 2905315 )
      If an ISP can be hammered for providing an internet connection ("enabling piracy") we can certainly blame a website for what the third party did.

      Real talk though, precedent or not these wide-net causality chains are bullshit. It's arbitrarily applied, which is another way of saying "weaponized against anyone that lacks power/authority/money/lawyers".
    • by cweber ( 34166 )

      The ads appeared when I visited those websites, therefore it appears the websites are responsible for spreading the malware.

      If it were that easy this wouldn't be a problem. You've got a least three players here: The website running ads and trying to fight off the bad stuff, the ad networks which only sometimes care enough, and the advertiser trying to game the system into running bad ads. It's a continuous arms race, and as a website owner you end up in reactive mode, rather than proactive.

    • The web sites are intentionally going with a third party service to load up the ads. They pretend to keep their hands clean this way. If some company wants to have their own website then they should do the full work of it themselves rather than outsource the advertising side of their business to disreputable services. A print magazine does not send out it's content to a third party to insert randomized ads instead it has the advertising as part of its business, so a web site should be able to do the same

    • but I stick with google's ad program. It doesn't pay much (more than enough to cover the hosting costs and buy a little hardware now and then for testing/development. What can I say, having kids means I don't get to spend paycheck money on hobbies anymore :( ) but in all that time I haven't had my site taken down when users report I've been serving them malware for week...
  • Sure... Maybe... But this is based single reference to a short 5 paragraph "story" on a click-bait site.

    • Here's another site with the story:

      .
      http://www.computerworld.com/a... [computerworld.com]

      ...Trend Micro wrote about the same attack on Monday. Segura said he delayed publishing a blog post while he contacted major advertising networks, including Google's DoubleClick, Rubicon, AOL and AppNexus, to get the malicious advertisements removed. He published a post on Tuesday. ...

    • Some was probably pimping their shitty blog for ad impressions. Here [arstechnica.com] is a link from Ars Technica.

    • by Sloppy ( 14984 )

      Sorry, but one of the rules of this story is that your thread is supposed to say something about ad blockers. Where's your ad blocker comment?

  • I've never seen an advert on the BBC site. I've just had a browse to confirm that. Maybe they have some geo-location check in place.

  • by Snotnose ( 212196 ) on Wednesday March 16, 2016 @11:41AM (#51708093)
    wanna tell me again why it's wrong of me to run an ad-blocker? Try to use bigger words this time, cuz when you use the smaller ones I understand 100% what you're telling me and my Deja-Moo detector goes off.

    Deja-Moo - that feeling you've heard this bull before.
    • /sarcasm The same reason it is "wrong" to close your eyes, mute your sound, and/or go do something else. Oh wait, you implied a valid reason -- there is none -- you're talking to fucktards who don't understand the concept of respect.

      /sarcasm I have a simple solution: Ban all ads -- they are immoral, disrespectful, & malware. /Oblg. And nothing of value was lost.

    • Here is my suggestion to websites that don't want people to use ad-blockers:

      Agree that website visitors will be fully compensated for any damage caused by malicious adverts. And when I say "fully", I mean that the website operator will pay for full cleanup of my PC by a qualified IT professional and pay for my loss of productivity because my PC is inaccessible.

      Don't want to take on that risk? Then don't block people using ad-blockers.

  • by Anonymous Coward on Wednesday March 16, 2016 @11:42AM (#51708097)

    Adblocker & related tools should change their marketing from 'helping you to block ads' to 'helping you avoid Malware/trojans etc.'...e.g. they should advertise & promote themselves as a 'security tool'...everything out of their mouths, on their website etc should be focused on that use case. Any time some politician opens their mouth about how adblockers are 'stealing' or 'ruining' some business the makers of adblocking tools should retort with statements about 'helping users security' etc.

    • by tnk1 ( 899206 )

      I agree that they should play up the security aspect as much as they can, but ultimately I think they are best staying out of the morass of "security" products out there. They are picked by users because they block ads. People hate ads. They hated them before they realized that they were sending malware to their computers. Now they simply hate them even more.

      I think the brand that ad blockers have is their biggest asset right now, actually. But they would definitely benefit by adding security as a big

    • Well you must have missed the day that one of the most useful adblockers got sold and started force feeding you "acceptable ads" and you can disable until you update the plugin again. They also indicated that they are working on a payment system to allow paid ads to circumvent the adblocking plugin. See, most people missed the point. We're 100% dependent on ad blockers and script blockers to safely navigate the internet. No on pays for these applications. Companies and coders don't do shit for free. "
      • by Cederic ( 9623 )

        coders don't do shit for free

        You do realise the internet is pretty much built on code written for free?

      • Thing is, I don't care about ads that follow reasonable guidelines. I want the adblocker primarily for safety, and secondarily to avoid large annoyances. If ads don't autoplay any sound, flash too distractingly, make it hard to use the page, or serve malware, I don't really care.

      • by JazzLad ( 935151 )
        Rob,

        I don't know if you are new here or if you just stopped lurking & got an account, but you have made 3 particularly douchey posts (that I have noticed) on this topic alone. Please spend some more time lurking or figure out what is making you miserable in life and deal with that before posting on Slashdot.

        I mean this sincerely, I don't like to see people as unhappy as you seem to be.

        Bring on the 'flamebait' or 'troll' mods, I have Karma to burn & I felt it needed to be said. Not posting
    • Adblocker & related tools should change their marketing from 'helping you to block ads' to 'helping you avoid Malware/trojans etc.'...e.g. they should advertise & promote...

      May the circle be unbroken.

  • Several years ago this happened to the NYT. It was serving malware ads for the entire weekend. That was the point when I went from ambivalent to pro-adblocker. This is why Forbes is dead to me. Used to link to it a lot.
  • every one of them

  • Surely the ad network(s) or the sites themselves can be sued over this?
    • Surely the ad network(s) or the sites themselves can be sued over this?

      It's all automated, right? The ad "network" has no idea where the ads are coming from or what they contain. Some simple checks, maybe, but the originator is behind several layers of middlemen, so it's hard to identify them. And of course, half the middlemen are in .ua, .ru or .cn domains, and change their names every week.

      So, none of this is surprising and that's why I, too, will continue to run an ad-blocker, as well as noscript.

      • I agree it's not surprising but the only way it's going to change is if someone is held responsible. If they have "no idea where the ads are coming from or what they contain" then they shouldn't be embedding them in their web sites. We ne
        • I agree it's not surprising but the only way it's going to change is if someone is held responsible. If they have "no idea where the ads are coming from or what they contain" then they shouldn't be embedding them in their web sites.

          I hear you. But I'm having trouble believing that "ad networks" who, even when they're operating legitimately, are showing ads offering to lower your credit card interest or help you sell your house, are going to be discriminating or responsible about what they accept or who they accept it from. The whole system's broken. These guys are about as responsible as robocallers.

    • by KGIII ( 973947 )

      You can sue anyone for anything. Really, that's largely true. Feel free to try to bring suit against them. You might just as well throw in (and I'm not kidding) the site, the hosting company, your browser's vendor, the person(s) involved in making the site, the hosting company (if applicable), the owners of the data center(s) (if applicable, the person(s) tasked with operating the data center, the ISP(s) involved, and anyone with "security" in their title at any of the above companies/providers.

      You're not g

  • by Anubis IV ( 1279820 ) on Wednesday March 16, 2016 @11:55AM (#51708205)

    The websites themselves weren't compromised as the problem was with the ad networks these sites use

    If you've configured your site to allow arbitrary content from unknown third-parties, your site is compromised by design. If the mere act of rendering the content that your site is sufficient to get malware, then, yes, your page is compromised. Doesn't matter if the source of the malware was in somebody else's ad service. If that service feeds data directly into your site that you then present to your visitors without any sort of vetting or filtering, then you've allowed that malware to compromise your site.

    Take responsibility, show some respect for your viewers, and stop making excuses. Vet your ads. Serve them from your own servers. Make them first-party. Compelling us to turn off ad-blockers to access your content while not taking steps on your end to protect us from malicious content is sloppy, negligent, and shows an utter and complete disregard for your customers.

    • Oops, accidentally cut some text. Meant to say...

      If the mere act of rendering the content that your site serves or otherwise provides is sufficient to get malware, then, yes, your page is compromised

    • So slashdot is responsible if I post a fake link to an article in a comment that installs malware? Slashdot CONFIGURED their site to allow arbitrary content from third parties (me) and indeed says they are not responsible for said content. Funny how that doesn't hold up for torrent trackers, but I digress. I think you are mistaken. While morally the site is responsible, legally no one is. Not even the ad company. That's the kick in the dick part of all of this.
      • No one said anything about legal liability, but, yes, it is the site's responsibility to vet the ads that are shown on their site. If they don't want to live up to that responsibility then they need to fuck off and die when they whine and complain about ad blockers.

      • So slashdot is responsible if I post a fake link to an article in a comment that installs malware? Slashdot CONFIGURED their site to allow arbitrary content from third parties (me) and indeed says they are not responsible for said content. Funny how that doesn't hold up for torrent trackers, but I digress. I think you are mistaken. While morally the site is responsible, legally no one is. Not even the ad company. That's the kick in the dick part of all of this.

        No. Slashdot does not redirect you to that website. Nor does Slashdot load any object from the URL you posted. Someone must choose to follow your malicious link. When you go to the NYT website you are forced to either accept 3rd party content that the NYT has no control over, or block the ad. Since it is NYT that is redirecting you to the malicious content, they are responsible.

      • Slashdot CONFIGURED their site to allow arbitrary content from third parties (me) [...]

        Our comments are not "arbitrary content" in the sense that I intended it with my previous comment. Our comments have a strictly enforced format made up of text and HTML tags that have been vetted to prevent abuse. Not so with ads, which oftentimes include some combination of iframes, Javascript, cookies, images, Flash, and any number of other objects, none of which have gone through the sort of vetting process that the permissible HTML tags have gone through here.

        And I was speaking ethically, not legally. W

    • "If you've configured your site to allow arbitrary content from unknown third-parties, your site is compromised by design. "

      Stronger version: If you have taken money to specifically configure your site to allow arbitrary content from unknown third-parties, you are an accessory to the resulting crimes..

    • by cweber ( 34166 )

      If you've configured your site to allow arbitrary content from unknown third-parties, your site is compromised by design. If the mere act of rendering the content that your site is sufficient to get malware, then, yes, your page is compromised. Doesn't matter if the source of the malware was in somebody else's ad service. If that service feeds data directly into your site that you then present to your visitors without any sort of vetting or filtering, then you've allowed that malware to compromise your site.

      You do realize that a site only embeds the ad network code, not the final downloaded content? I.e. yes, a site takes some sort of responsibility when deciding to run ads from an ad network. Beyond that, however, every user gets potentially different ads. There are real time bidding platforms and user profiling code in the middle, completely outside the direct control of the website.

      • You do realize that a site only embeds the ad network code, not the final downloaded content?

        Yup. And that's exactly the problem. Just as we'd question the judgment of a ship designer who put a gaping hole below the waterline that let seawater and sea life in, and just as we'd question home builders who decided it was better to simply leave out one of the walls from the final construction, so too should we question any website design choice that entrails giving unknown, untrusted third-parties free access to put anything they want on a site. The fact that the hole was placed there intentionally by

        • Fair enough. Thanks for your clarification. In the interest of full disclosure: I head up the tech teams behind this and its sister site, but not adops or sales. Posting from my corporate account this time.
          • Backing up for a sec, thank you. You guys have been rocking it recently. Love the addition of HTTPS, and it's great to hear that you're bringing UTF-8 support as well in the future.

            And back on topic, I'm know I'm being idealistic (perhaps even naive) in my viewpoint, since there are business realities about the world as it exists today that make the "right" way of doing things difficult or impossible. Even so, the way that ads are delivered today is broken by design and NEEDS to be fixed. That these techniq

  • The guy at this site maintains a crazy list of advertisers and malicious site DNS records... then points them all to 0.0.0.0 using host file format. It has served me well for years now.

    http://winhelp2002.mvps.org/ho... [mvps.org]

  • At times it becomes impossible to browse the web from my phone - it seems like every now and then someone successfully pushes this crap to ad networks, and since 99% of all sites use them it becomes inescapable.

    Google et al should be accountable for offering a service delivering malware. And, web publishers, i know this is not exactly your fault but i don't care. There are a good number of sites i'm no longer visiting because either they redirect me to porn sites every time or reject ad blockers, which i us

    • There are a good number of sites i'm no longer visiting because either they redirect me to porn sites every time or reject ad blockers, which i use to avoid this situation in the first place.

      Same. I just go to the porn sites directly now.

      Get your shit together.

      https://www.youtube.com/watch?... [youtube.com]

  • by Chas ( 5144 ) on Wednesday March 16, 2016 @12:40PM (#51708589) Homepage Journal

    Seriously.

    Sure, some people can (and do) run for extended periods of time without getting compromised without ad blockers or AV.
    In the end, it's just a matter of time before they're infested.

    And yes, compromises on large ad networks like Google may be somewhat rare. But that doesn't help me when a website using their network gives me a drive-by install of Locky or or something that totally hoses all my (or my company's) data.

    As such, there is NO negotiation about ad blocking. It's happening. PERIOD.

    Until the entire ad industry formulates an acceptable ad policy that people can live with, that DOESN'T pose a danger to its users, ad blocking will continue.

    Now content providers are free to take their ball and go home. I don't much give a shit. If given a choice between having my personal and company data destroyed/stolen and watching every content provider on the Internet crash and burn due to lack of ad revenue? Let the fuckers crash and burn!

  • So, here's my question... According to the Trustwave article (and someone who doesn't know Javascript), buried in the 12,000 lines of code...

    Our suspicions grew further when de-obfuscation of the script revealed that it tries to enumerate the following list of security products and tools in order to filter out security researchers and users with protections that would prevent exploitation ... If the code doesn't find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK landing page."

    So, if I understand this properly, if the Javascript code finds these files, it doesn't serve up the malware landing page. So, if I understand it properly, adware networks, along with any other site's Javascript code, can see what files I have on my PC? WTF--can I shut off that ability? I can see no justifiable reason why any Internet site, short of one or two I mi

    • I thought Javascript only had the ability to open a file via a prompt asking the user to select which file to read.

      Who knows, maybe it's Javascript + Flash or Javascript + Java or some other insane mix.

  • by JustAnotherOldGuy ( 4145623 ) on Wednesday March 16, 2016 @01:19PM (#51709003)

    I guess I'll have to turn off Adblock and NoScript so I can take advantage of this wonderful opportunity to get my free malware.

  • Long ago I saw a story about a CEO who admitted cheerfully that half his advertising budget was wasted. He just never knew which half. I couldn't help wondering how he knew that it wasn't all wasted.

    Perhaps people like the average slashdotter find it hard to understand why advertising works. After all, we tend to be well educated and inclined to focus on facts and logic. (We like to think...) But surely it suggests a very disparaging view of the average consumer to think they would be powerfully influenced

    • I tend to think that one reason we still have an internet is because commercial businesses found a way to monetize it. If they had barriers to doing so, there would be a lot less of a reason to develop it, and more push back against it. (Much like the push back against the torrent aggregators or the piracy focused file sharing websites).

      Bitcoin is still legal here because businesses found a use for it and they don't care about the drugs or money laundering. But if they couldn't use it, those other issues

    • So what would be the effect of completely abolishing advertising? (Just as a thought experiment: we can think about how to do it another day).

      As somebody that hasn't watched broadcast TV in 20+ years, seen the decline of magazines and newspapers, and stopped reading even the local weekly newspapers, I can tell you some of the effects. First, I found myself completely out of touch with pop culture. People would talk about things or I'd see some of the advertisements I didn't miss, and there would be bands, celebrities, etc that I've never heard of but had been big for years. I didn't really care for them but some of my friends did, usually the one

"The pyramid is opening!" "Which one?" "The one with the ever-widening hole in it!" -- The Firesign Theatre

Working...