Comments on: Malicious banner ads appear on Expedia, Rhapsody sites http://cubist.cs.washington.edu/Security/2008/02/02/malicious-banner-ads-appear-on-expedia-rhapsody-sites/ Wed, 20 Aug 2008 16:47:36 +0000 http://wordpress.org/?v=2.5.1 By: chrislim http://cubist.cs.washington.edu/Security/2008/02/02/malicious-banner-ads-appear-on-expedia-rhapsody-sites/#comment-209 chrislim Sun, 03 Feb 2008 07:19:58 +0000 http://cubist.cs.washington.edu/Security/2008/02/02/malicious-banner-ads-appear-on-expedia-rhapsody-sites/#comment-209 Well, after reading the article, it seems that Expedia and Rhapsody and really most sites (as you stated at the end) are simply leveraging the services of ad networks which act as middle-men between advertisers and advertising space providers. They do not directly interact with people who want to advertise on their site and so do not immediately have a way to vet their ads. If they were to filter out unwanted ads, it may violate the agreements and guarantees they have made with/to the ad networks (although it is curious that Expedia was able to pull the popup ad that slipped through its system) Perhaps this will become an area of competitive advantage for ad networks (which I believe are in a pretty crowded space now), those who can maintain a higher quality of assurance (@ least in terms of security), may be able to attract more companies that want to open their sites to serve ads, while ensuring an excellent user experience. I noticed the recommendation at the end which mentioned a new class of blockers--a flash blocker...I wonder if this feature will become standard in future versions of IE/Firefox the way banner ad blockers have. It seems like an important feature as these kinds of attacks increase. Well, after reading the article, it seems that Expedia and Rhapsody and really most sites (as you stated at the end) are simply leveraging the services of ad networks which act as middle-men between advertisers and advertising space providers. They do not directly interact with people who want to advertise on their site and so do not immediately have a way to vet their ads. If they were to filter out unwanted ads, it may violate the agreements and guarantees they have made with/to the ad networks (although it is curious that Expedia was able to pull the popup ad that slipped through its system)

Perhaps this will become an area of competitive advantage for ad networks (which I believe are in a pretty crowded space now), those who can maintain a higher quality of assurance (@ least in terms of security), may be able to attract more companies that want to open their sites to serve ads, while ensuring an excellent user experience.

I noticed the recommendation at the end which mentioned a new class of blockers–a flash blocker…I wonder if this feature will become standard in future versions of IE/Firefox the way banner ad blockers have. It seems like an important feature as these kinds of attacks increase.

]]>