Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Malware Installed by LiveJournal Ad

CowboyNeal posted more than 8 years ago | from the egg-on-face dept.

199

Jamesday writes "LiveJournal recently introduced an ad-supported level. Over the last few days an advertiser used an ad to install the ErrorSafe malware that tried to trick people into believing they had a fault on the computer that needs them to purchase a fix. The ad used a server-side setting and targetted only those outside the US, to prevent LiveJournal's own checks from noticing it. LiveJournal has apologized for the ad and slow response." Even our readers have had to endure more than one browser-crashing ad campaign from time to time. Thanks for sticking around.

cancel ×

199 comments

Sorry! There are no comments related to the filter you selected.

Breaking News (3, Insightful)

PakProtector (115173) | more than 8 years ago | (#15596421)

This just in: Capitalism and Morals do not necessarily go hand in hand.

Re:Breaking News (0)

Anonymous Coward | more than 8 years ago | (#15596452)

whose morals ? the ad maker could be believing that he did nothing wrong morally.....

Re:Breaking News (3, Insightful)

cryfreedomlove (929828) | more than 8 years ago | (#15596453)

I'm not sure if I agree or disagree but your post implies that there is an alternative to Capitalism that is hand in hand with positive morality. Please tell us what that is.

Re:Breaking News (2, Funny)

Nutria (679911) | more than 8 years ago | (#15596507)

I'm not sure if I agree or disagree but your post implies that there is an alternative to Capitalism that is hand in hand with positive morality. Please tell us what that is.

Communism. You know, communes, community, kum-bay-yah, matriarchy and all that crap.

Re:Breaking News (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15596519)

Because stealing other people's property, censorship, and outright murder is moral.

Re:Breaking News (4, Interesting)

Anonymous Coward | more than 8 years ago | (#15596610)

Because stealing other people's property, censorship, and outright murder is moral.

Don't confuse communism the theory with the dictatorships the claim to be communist. Communism as a theory disclaims most if not all personal property rights, but it has nothing to do with Murder and Censorship, any more than Capitalism has to do with monitoring bank records and tapping phone calls.

Which doesn't mean I'm pro-communism. The problem with communism is motivation, without the acquisition of something as a goal, what motivation do people have? Who assigns people tasks? Who says the community is best served by Jon running the cash register and Joe cleaning septic tanks? Its a system that sounds great in theory but works like crap in practice

At the same time, there's nothing terribly moral about capitalism either. In an ideal capialist society, The sick, old and infirm are left to die. The people in a capitalistic society may be moral and charitable, setting up orphanages to help stranded children, feeding and housing grandma even when she ran out of savings, but thats not Capitalism.

There are very few examples. (3, Informative)

khasim (1285) | more than 8 years ago | (#15596657)

Here is one. But because it is based upon Christ's teachings, it would be more of a Theocracy with "communism" as it's economic model.
http://www.hutterites.org/ [hutterites.org]

As for being "moral", as long as they do follow their religious code, they are "moral" by definition.

Now, whether the code they follow would be considered "moral" by someone following a different code, well, that's because "morality" is subjective, not objective.

Re:There are very few examples. (-1, Troll)

glitch23 (557124) | more than 8 years ago | (#15596976)

The reason the Holy Bible exists is to provide an absolute set of morals and ethics. If you don't believe that then there is no hope for the world because everyone would just have their own set of morals/ethics despite there already being an absolute set. Many people already do have their own set of morals/ethics unfortunately so we are already going downhill. Of course your argument will be that you don't believe in the Holy Bible or aren't a member of Christianity so you have no reason to follow its teachings. Again, an absolute set has been provided by Christianity and you still choose to create/use your own so who is really at fault at that point?

Re:There are very few examples. (0, Offtopic)

HiThere (15173) | more than 8 years ago | (#15597113)

The bible was created to provide a particular community a set of standards, and guides. If you don't follow those standards and guides, then you are not a moral part of that community.

See it as an open source project. There MUST be coding standards. Just what they are is partially determined by necessity, and partially determined by taste, but the MUST exist. If you don't follow the standards, then your code won't be accepted by the project.

There is nothing particularlly significant about the codes and practices defined in the bible. They don't even WORK! (They did in a society that was basically without government, and which was mainly rural, with poor communicaiton and transportation...but that's not where we are living.) Because of this the Jews needed to invent the commentaries on the Talmud, and the Christians needed to invent church dogma (followed by schisms over details and nomenclature). Today governments attempt to make it impossible to have a viable moral code that isn't defined by them...but as they are basically aoral, their attempts are themselves amoral.

If you must go to a religion for your morals (and since that implies a community of shared beliefs, that means a religion), then I would recommend Judiasm, Buddhism, or Taoism. Avoid the sects that worship authority, as their morals are generally "contribute such power as you have to making the priesthood stronger". (Hey, priests are people too...and one of a persons deepest needs is to feel important. And in the authoritarian sects the priests tell you what the rules are.) Note, however, that all surviving religious groups tend to make demands that a large percentage of the people will find literally impossible to adhere to. (There's a sect of Sikhs [or Jains?] that believe that it's sinful to wear clothes. It still survives, and it's members aren't all practicing nudists...except, possibly, at religious occasions.)

After much study of various options I opted for Zen. NOT Zen Buddhism, and definitely not "school boy Zen". Trying to disentangle the Zen from the Buddhism was quite ... interesting. I still haven't done it, and it's not "moral", because it's a personal activity and not a communal one. Things that you do which don't affect others can have no moral significance.

Re:Breaking News (1, Interesting)

cryfreedomlove (929828) | more than 8 years ago | (#15596546)

Tell us why Communism is more moral than Capitalism.

Re:Breaking News (4, Insightful)

maird (699535) | more than 8 years ago | (#15596638)

http://en.wikipedia.org/wiki/Communism [wikipedia.org] Particularly: "communism as a political goal generally is a conjectured form of future social organization which has never been implemented" IOW, don't confuse the states that purport to be communist with communism. The USSR, China, Cuba, et al are not communist states. They are totalitarian dictatorships claiming to be communist (or that we have dubbed communist regardless of what they claimed to be). A pure communism is moral and not capitalist since there is no self-interest (selfishness) nor any need for it. There's no need to rip anyone off or take advantage of anyone. There is no need for contracts that bind the consumer to the advantage of the vendor. The truth is that communism is probably not achievable by humans, who would want to clean toilets even if you did have the same lifestyle as the head of state. Life on Star Trek starships is communist. Until matter replicators that will freely feed anyone that wants to eat are broadly available on earth communism is impossible but it is moral in ways that capitalism isn't.

Re:Breaking News (3, Insightful)

corbettw (214229) | more than 8 years ago | (#15596693)

A pure communism is moral and not capitalist since there is no self-interest (selfishness) nor any need for it.

In other words, it runs counter to human nature. People are instinctually selfish, and it will never change.

Re:Breaking News (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15596914)

While humans are the cause of failures of idealist systems like capitalism and communism, it cannot be said that these systems run counter to human nature. Humans have the capicity for change. "Human nature" is neither a constant value from human to human nor immutable within a given human. If it were, humans would be nearly identical. Clearly someone like Hitler or Stalin does not have the same underlying "nature" as someone like Siddhartha Gautama or Ghandi.

Re:Breaking News (3, Interesting)

ByteGuerrilla (918383) | more than 8 years ago | (#15596947)

Indeed so. Are humans inherently selfish, or does prolonged exposure to 'dog-eat-dog' systems such as Capitalism breed selfishness amongst humans.

Obligatory smartaleckiness (1)

WilliamSChips (793741) | more than 8 years ago | (#15597038)

Yes, they are.

Re:Breaking News (5, Insightful)

Jacked (785403) | more than 8 years ago | (#15596936)

People are instinctually selfish, and it will never change.

Exactly, and that's not necessarily a bad thing. It is precisely because of self interest that others are willing to offer us their goods and services. One of my favorite quotes puts it much better than I can:

"It is not from the benevolence of the butcher, the brewer, or the baker that we expect our dinner, but from their regard to their own interest." -- Adam Smith

Re:Breaking News (2, Insightful)

mdwh2 (535323) | more than 8 years ago | (#15597104)

A pure communism is moral and not capitalist since there is no self-interest (selfishness) nor any need for it. There's no need to rip anyone off or take advantage of anyone.

No self-interest? How is that achieved? The only way you could do this was to provide everyone with everything they wanted - but no economic system can do that. As you say, we need Star Trek replicators. It's not communism which gets rid of the self-interest - it's the replicators. In a society with unlimited resources, economics doesn't really have much meaning anymore.

There is no need for contracts that bind the consumer to the advantage of the vendor.

Well, just as people often confuse communism with communist states, don't confuse capitalism with the corporatism we see in the US. Contracts like this are state intervention, and not something inherent in capitalism.

I might as well propose another system: Moral capitalism. It works just like capitalism, but everyone is nice to each other.

See, it's easy to come up with moral systems when you can assume how people behave...

Re:Breaking News (1)

rodoke3 (681504) | more than 8 years ago | (#15597126)

I'm not sure if I agree or disagree but your post implies that there is an alternative to Capitalism that is hand in hand with positive morality.

Funny, I saw nothing of the sort.

Re:Breaking News - spin (4, Insightful)

burnin1965 (535071) | more than 8 years ago | (#15596625)

"This just in: Capitalism and Morals do not necessarily go hand in hand."

Caveat Emptor

Doesn't matter if its politics, economics, religion, software, hardware, or even information.

The fact that there are people running businesses with questionable ethics in no way reflects on the morality of the underlying economic philosophy. History easily shows that people who have questionable morals have no difficulty working within the structure of any social philosophy which gains any significant following whether it be economic, religious, or governmental in nature.

So when someone comes around selling their alternative economic philosophy based on the idea that the current system inherently lacks morality, caveat emptor.

burnin

As Keynes said... (2, Interesting)

CarpetShark (865376) | more than 8 years ago | (#15596897)

"Capitalism is the extraordinary belief that the nastiest of men, for the nastiest of reasons, will somehow work to the benefit of us all."

Are there any humans around? (3, Insightful)

Watson Ladd (955755) | more than 8 years ago | (#15596425)

Newspapers clear ads before printing. Radio stations clear ads before airing them, and so do tv stations. Why should websites be any different?

Re:Are there any humans around? (1, Offtopic)

PakProtector (115173) | more than 8 years ago | (#15596436)

Newspapers clear ads before printing. Radio stations clear ads before airing them, and so do tv stations. Why should websites be any different?

Probably because those listed Media Outlets are supposed to have some sort of Integrity behind them, in addition to being Money-Making ventures. MySpace is solely a money-making venture. The Social Networking aspect was just a gimmick to get Ads Viewed.

Re:Are there any humans around? (4, Informative)

Xserv (909355) | more than 8 years ago | (#15596589)

TFA had to do with LiveJournal, not MySpace...

Xserv

Remove head from A** (0)

Anonymous Coward | more than 8 years ago | (#15596630)

Probably because those listed Media Outlets are supposed to have some sort of Integrity behind them

Take your head out of your ass long enough to RTFS. Websites use Dynamic content, and the add serving site was specifically serving different content to hide what they were doing from teh website. Even if they did take reasonable efforts to check the ads that were delivered to their customers, the adware infection would not have shown up.

Re:Are there any humans around? (5, Informative)

Anonymous Coward | more than 8 years ago | (#15596438)

What part of "The ad used a server-side setting and targetted only those outside the US, to prevent LiveJournal's own checks from noticing it. LiveJournal has apologized for the ad and slow response." did you not read?

Re:Are there any humans around? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15596552)

Indeed. Watson Ladd is an idiot and should never be allowed to reproduce.

Re:Are there any humans around? (1)

Scudsucker (17617) | more than 8 years ago | (#15596736)

What part of "The ad used a server-side setting and targetted only those outside the US, to prevent LiveJournal's own checks from noticing it. LiveJournal has apologized for the ad and slow response." did you not read?

No, what part of

"Newspapers clear ads before printing. Radio stations clear ads before airing them, and so do tv stations. Why should websites be any different?"

did YOU not understand? Saying the ads went through a third party server is completely irrelevant to his point. And as this [slashdot.org] poster pointed out, this is part of Livejournal's service, so they are the first ones responsible for their customers using livejournal.com and being infected with malware.

Re:Are there any humans around? (3, Insightful)

rafimg (632613) | more than 8 years ago | (#15596912)

Er, I'm just a bystander in this argument, but I believe you misread the response. The GP is saying that LiveJournal could well have cleared the ad, but that it wouldn't have mattered because they're a US-based company and the malware was designed only to download to IP's outside of the US. The point was not that the ads went through a third party server, which I agree is irrelevant, but that the ad was coded nefariously enough to appear malware-free to anyone looking at it from the US. That doesn't mean LiveJournal isn't responsible, but I do think that makes the error a bit more understandable.

Re:Are there any humans around? (0, Flamebait)

Scudsucker (17617) | more than 8 years ago | (#15596980)

Sure it's more understandable, but that's not the point. The point is that the AC was being an asshat:

"What part of "The ad used a server-side setting and targetted only those outside the US, to prevent LiveJournal's own checks from noticing it. LiveJournal has apologized for the ad and slow response." did you not read?

Baking deniability into the system fools the naive (1)

jbn-o (555068) | more than 8 years ago | (#15597161)

Sounds like an attempt at an excuse for not doing one's own vetting. Allowing anyone to dynamically insert arbitrary content, or outsourcing ad vetting to another party makes one vulnerable and blameworthy. Ultimately, it comes down to what do site administrators value. Now we know.

Re:Are there any humans around? (3, Insightful)

TommydCat (791543) | more than 8 years ago | (#15596472)

Because those ads are not necessarily static or even served up by the publication's servers. If the ad consists of a "add_link_to_offsite_advertiser_server_here", anything that was "cleared" could change without notice. It's rather hard to dynamically change printed copy ;)

Re:Are there any humans around? (4, Interesting)

mpcooke3 (306161) | more than 8 years ago | (#15596504)

Heh, sometimes they do - but you'd be amazed at what goes on in the online advertising world.
One advertising company I used to work for once had a request to configure an ad campaign to run each advert for 30seconds then switch the advert the user was viewing to a different one.

Only later did we discover it was to bypass a websites manual safety check, where they check each advert complies with their rules by watching it for 20 seconds.

Re:Are there any humans around? (4, Insightful)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#15596506)

They did. The ad contains code that skips the malware install if it's running in the US, as for example when it's being screened.

A better question is why displaying an ad can install software on your computer. The LiveJournal posts say it was a Flash ad, so until we get real information it's logical to guess that it exploits one of the vulnerabilities in the Shockwave player.

Re:Are there any humans around? (2, Informative)

larytet (859336) | more than 8 years ago | (#15596836)

this is why i block all ads, even google syndication counters. i probably trust cnn servers , but i can't trust to all that IPs my browser pulls the ads from.

besides slowing down the page download (mostly DNS related issues), disturbing my attention and wasting my time my machine (and IP address) is getting exposed to numerous unknown or little known servers.

chain of ads suppliers can be very long. ad can go from the initial seller via multiple broker companys to reach my Linux/Win32. in any point on the way it can be intentionally or unintentionally corrupted.

Re:Are there any humans around? (1)

Photar (5491) | more than 8 years ago | (#15596664)

They don't clear classified ads. All kinds of scams are running around in those.

Re:Are there any humans around? (0)

Anonymous Coward | more than 8 years ago | (#15596743)

Who in the hell moderated this (the parent) comment up? It is obvious that Watson Ladd did not read the story. He should be scorned, not rewarded, for opening his mouth cluelessly.

Re:Are there any humans around? (1)

BkBen7 (926853) | more than 8 years ago | (#15596801)

Newspapers can't change the ads after its printed, Radio after its broadcasted, or tv after it is shown, you can change the ads on the internet.

This isn't too surprising (5, Interesting)

Khyber (864651) | more than 8 years ago | (#15596432)

I use an ad-supported LJ account, and the mentioned advertisement was made in flash. I had to deal with it a couple of days ago. Hoo-ray for security holes. Can't we just sue the ad company for unauthorized usage of our computer's resources?

Re:This isn't too surprising (1, Flamebait)

PakProtector (115173) | more than 8 years ago | (#15596448)

I use an ad-supported LJ account, and the mentioned advertisement was made in flash. I had to deal with it a couple of days ago. Hoo-ray for security holes. Can't we just sue the ad company for unauthorized usage of our computer's resources?

What unauthorised use? You viewed the webpage, and part of the webpage was said advert. You authorised the use. Just because you were unaware of your doing so does not mean you didn't agree to it. Caveat Emptor.

Re:This isn't too surprising (5, Insightful)

Khyber (864651) | more than 8 years ago | (#15596470)

I don't see any part in the TOS or User-Agreement that states "By viewing this site you agree to have shit you don't want installed on your system by our supporting advertisers."

Re:This isn't too surprising (1)

MustardMan (52102) | more than 8 years ago | (#15596500)

Are you on crack? Viewing a webpage automatically authorizes someone to modify my computer without my knowledge?

Re:This isn't too surprising (4, Informative)

ivan1011001 (751254) | more than 8 years ago | (#15596584)

The tricky thing about authorization is, by definition [google.com] , it requires conscience thought. So one can not authorize something "unaware" of it.

Re:This isn't too surprising (1, Insightful)

Nutria (679911) | more than 8 years ago | (#15596537)

I use an ad-supported LJ account, and the mentioned advertisement was made in flash. I had to deal with it a couple of days ago. Hoo-ray for security holes. Can't we just sue the ad company for unauthorized usage of our computer's resources?

You're using Windows from an account that has Administrator privs, aren't you?

Re:This isn't too surprising (1)

Khyber (864651) | more than 8 years ago | (#15596569)

Yup, yanno why? I'm constantly adminning my home network. CONSTANTLY. pretty hard to set folder permissions and shares and stuff like that when you're not running as admin. Also, Livejournal, before these ads, was a pretty safe and secure site. Now they put in advertising, some of it flash based, and suddenly I'm nailed by one of their ads and malware hits my system. I had no reason to worry about malware when visiting LJ before, now I do. I bet if slashdot alowed flash-based ads there'd be plenty of problems. As it is, my firm belief is that advertisements shoudl be restricted - either they're animated/non-animated .gifs .png or .jpg or text-based like google's. That'll stop alot of ad-based malware from spreading, not all of it, but a fair portion.

Re:This isn't too surprising (4, Informative)

Nutria (679911) | more than 8 years ago | (#15596605)

Yup, yanno why? I'm constantly adminning my home network. CONSTANTLY. pretty hard to set folder permissions and shares and stuff like that when you're not running as admin.

Sucks to use Windows, doesn't it, not being able to use "su -" and control everything from a command window while logged in as a limited-permissions user?

Also, Livejournal, before these ads, was a pretty safe and secure site. Now they put in advertising, some of it flash based, and suddenly I'm nailed by one of their ads and malware hits my system.

Sucks to use IE, doesn't it? Firefox and Flashblocker would have protected you.

Re:This isn't too surprising (1)

sglewis100 (916818) | more than 8 years ago | (#15596643)

Sucks to use Windows, doesn't it, not being able to use "su -" and control everything from a command window while logged in as a limited-permissions user?

Use runas...

Re:This isn't too surprising (1)

toadlife (301863) | more than 8 years ago | (#15597079)

Or SudoWin [sourceforge.net]

Re:This isn't too surprising (1)

Khyber (864651) | more than 8 years ago | (#15596921)

Firefox will not protect you if it's using Flash as it's attack vector. I've gotten ISTSVC and this LJ bastard using Firefox (I tried to submit a story about the ISTSVC incident, but it's still pending review, a month+later.) As it is IE only gets opened for Windows Updates, nothing else, EVER. And for the record - I'm currently having problems nistalling the 64-bit nVidia drivers in Ubuntu. So until that gets fixed - no Ubuntu.

Re:This isn't too surprising (1)

griffjon (14945) | more than 8 years ago | (#15596918)

This is what adblock is for.

ads (3, Funny)

Anonymous Coward | more than 8 years ago | (#15596446)

Slashdot has ads? :)

Obligatory (4, Funny)

BertieBaggio (944287) | more than 8 years ago | (#15596451)

I, for one, do not welcome our new malware-installing overlords!

Re:Obligatory (1)

Naomi_the_butterfly (707218) | more than 8 years ago | (#15596479)

That was haaaardly obligatory as there were no "extra intelligent" things ;)

Google (1)

pe1chl (90186) | more than 8 years ago | (#15596463)

Earlier today I searched on Google Groups and when clicking on a link in the result list I got an ad-page that crashed Seamonkey.

It seems to be commonplace these days...

Re:Google (2, Insightful)

whitehatlurker (867714) | more than 8 years ago | (#15596555)

Oh MY GOD! Won't someone think of the Sea Monkeys?

Seriously, people should be making use of the adblocking functionality in their browsers, or better yet, installing filtering proxies like proxo [proxomitron.info] to halt this crap before it gets to the browser.

Re:Google (1)

pe1chl (90186) | more than 8 years ago | (#15597132)

In this case that won't help because those ads are click-throughs to the search result. When you block them, you will block your search result.

I know publishers hate ad-blockers... (5, Insightful)

BertieBaggio (944287) | more than 8 years ago | (#15596481)

... but they and the advertisers are the ones driving people to them.

No seriously, is it any wonder people turn to ad-blockers? Try reading an informative bit of text when there's a Flash advertisement of box jumping around and flashing like a student at Mardi Gras. I don't care if you are trying to tell me I'm your millionth visitor. You misspelled congratulations! The box makes me wish I had no peripheral vision! FOAD.

Now I know publishers want to make a buck (I have a few websites [sans-advertising] myself), but if the advertisers are going to use annoying/underhand methods, people will take steps to protect themselves. A lot of these companies would do well to look at the sort of program Google offers: inoffensive, targeted, text ads.

In short: make your advertising better -- advertisers AND publishers -- or lose that which you supposedly value. Eyeballs.

Re:I know publishers hate ad-blockers... (0)

Anonymous Coward | more than 8 years ago | (#15596505)

or lose that which you supposedly value. Eyeballs.

My object all sublime I shall achieve in time -- To let the punishment fit the crime! [photobucket.com]

Re:I know publishers hate ad-blockers... (1)

Photar (5491) | more than 8 years ago | (#15596593)

Slashdot's ads drive me crazy. I usually forget how bad the state of internet ads are. Then I'll browse somewhere without adblock plus and it will totally drive me nuts.

Google AdWords = good (3, Insightful)

ThinkingInBinary (899485) | more than 8 years ago | (#15596667)

You know, Google ads are the only ads I look at any more. (Hell, I run them on my own site!) They are short, not ugly (because Google cares [google.com] about the viewer's experience), and quite often very pertinent to the content. I have to try really hard not to puke when I log in to something like Yahoo! Mail! and I see flashing banner ads for "Get your Credit Rating" or "Cheap Mortgages" or "Warning: Your system is broadcasting an IP address! Ph33rz0r teh RFC!". They are the most useless ads ever. The only reason I think they might survive is if the ad networks charge per impression, not per click--because almost nobody would click on them!

Re:I know publishers hate ad-blockers... (0)

Anonymous Coward | more than 8 years ago | (#15596722)

This sort of junk is EXACTLY why I started using ad blocking. After getting hit 3 times by something like that. It was time to do something about it. 0 adware 0 spyware 0 viri in the last 18 months. My *windows* exp is actually nice. No crashes, no slowdowns. Its amazing.

Try this one to start with
http://www.schooner.com/~loverso/no-ads/ [schooner.com]
then combine it with (i put all the hosts into the pac file as a big hosts file is a bad idea and slow)
http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
plus
http://adblockplus.mozdev.org/ [mozdev.org]
plus
http://www.pierceive.com/ [pierceive.com]

plus staying up to date on all patches.

and you have a truely AWSOME experiance.
Surprisingly this actually works semi well as 'advertisers' are cheap. So they tend to use the same web sites over and over to feed the data. Never mind most of the advert servers are *SLOW*. If you look most of the time its waiting on those servers to finish rendering the page.

I use the pac thing because I still use IE quite a bit for different things. Plus it gets a lot of things the other one does not. I could update Adblockk plus to just do it all but this gives me IE blocking as well.

Duh (-1, Flamebait)

Cleon (471197) | more than 8 years ago | (#15596495)

It only goes to show...Bad things happen to people who read LiveJournal.

Re:Duh (1)

SpinJaunt (847897) | more than 8 years ago | (#15596568)

You make sound like someone has been killed..

Just one ad? (4, Interesting)

misleb (129952) | more than 8 years ago | (#15596497)

I once played this web based role playing game a while ago. It was just a so-so game, but one exceptional thing I did notice was that while playing from a Mac I would get randomly named .exe files downloaded to my desktop. Turns out that ads on this game site were just full of malware. Visiting from a Windows computer, I was getting prompted to install crap. So I went to report it on their forums and find out what was being done about it. They didn't care! The site maintainers claimed there was nothing they could do about it. It was their ad provider's fault. All they could say was "you should be running malware protections.." Needless to say, I was outraged by this irresponsibility. I told them off and never visited their god forsaken site again.

How can you NOT take responsibility for malware spread through your own site? I understand that people contract out ads, but geez, come on. No need to draw from the bottom of the barrel.

-matthew

Re:Just one ad? (1)

Nerull (586485) | more than 8 years ago | (#15596779)

This wasn't Utopia, was it?

I quit playing it a few years ago when their ads started playing sound. I'm sure they've gone downhill from there.

simple fix (1, Insightful)

Whammy666 (589169) | more than 8 years ago | (#15596509)

My simple fix for the security problems associated with Flash is to not install flash. Let's face it, 99.9% of flash is just obnoxious ads anyway. Who needs it.

It's for this reason that any webmaster who insists on using 100% flash to view their site deserves a swift kick to the nutsack.

Re:simple fix (3, Informative)

Nutria (679911) | more than 8 years ago | (#15596579)

My simple fix for the security problems associated with Flash is to not install flash. Let's face it, 99.9% of flash is just obnoxious ads anyway. Who needs it.

It's for this reason that any webmaster who insists on using 100% flash to view their site deserves a swift kick to the nutsack.


Google Videos, for one, are all Flash.

Use Firefox and install Flashblock, then you'll have the benefits of both worlds.

Re:simple fix (1)

noamt (317240) | more than 8 years ago | (#15596633)

But there *are* legitimate uses of Flash - like in youtube for example. My solution: use Firefox with FlashBlock: every flash object is turned into a "f" icon, which you have to click to enable.
This rocks.

Re:simple fix (5, Funny)

vivek7006 (585218) | more than 8 years ago | (#15596658)

My simple fix for the security problems associated with Flash is to not install flash. Let's face it, 99.9% of flash is just obnoxious ads anyway

Even better, just disconnect your computer from the internet. Who needs internet? Let's face it, 99.9% of internet is just obnoxious anyway.

Re:simple fix (1)

ScrewMaster (602015) | more than 8 years ago | (#15596953)

Even better, just disconnect your computer from the internet. Who needs internet? Let's face it, 99.9% of internet is just obnoxious anyway.

Mod +2 (Unintentionally Insightful)

Re:simple fix (2, Funny)

WilliamSChips (793741) | more than 8 years ago | (#15597055)

Even better, just disconnect your computer from life. Who needs life? Let's face it, 99.9% of life is just obnoxious anyway.

Re:simple fix (1)

hotdiggitydawg (881316) | more than 8 years ago | (#15596725)

If I had mod points, you would be +5 Amen Brother right now...

Re:simple fix (2, Interesting)

Draelen (920902) | more than 8 years ago | (#15596768)

I think a better way to deal with flash is to use the FlashBlocker plugin for Firefox
All flash-based ads get replaced with a placeholder and a little play button, then you get to selectively enable the ones which you require - http://flashblock.mozdev.org/ [mozdev.org]

Haw! (1, Troll)

imrdkl (302224) | more than 8 years ago | (#15596514)

I gave up on you guys years ago. I'm just here to mock.

Re:Haw! (2, Funny)

heinousjay (683506) | more than 8 years ago | (#15596823)

I'm only here for the blowjobs. I bet our experiences are similarly disatisfying.

Adverts? (4, Insightful)

Karellen (104380) | more than 8 years ago | (#15596520)

Do people still get them? I thought everyone had adblock [mozdev.org] installed.

Re:Adverts? (4, Funny)

erroneous (158367) | more than 8 years ago | (#15596966)

Heh. On my screen your message is directly below this one.

Re:Haw! (Score:1)
by heinousjay (683506) Alter Relationship on 18:36 24th June, 2006 (#15596823)
I'm only here for the blowjobs. I bet our experiences are similarly disatisfying.

Adverts? (Score:3, Insightful)
by Karellen (104380) Alter Relationship on 17:17 24th June, 2006 (#15596520)
Do people still get them? I thought everyone had adblock [mozdev.org] installed.

Which became even funnier when I saw who the post was from.

Re:Adverts? (1)

Karellen (104380) | more than 8 years ago | (#15597015)

:)

Identify the Advertiser (3, Insightful)

richg74 (650636) | more than 8 years ago | (#15596526)

Even our readers have had to endure more than one browser-crashing ad campaign from time to time.


The way to discourage this kind of nonsense is to make sure that the advertisers are identified and given a large public black eye. Probably that's not appropriate if the ad just uncovered a bug in the Flash player, but I think it certainly is in the case where an ad installs spyware.

Did the advertiser know this was going to be done? Quite possibly not, but they are still the ones responsible for the ad: they want the good consequences (more sales), so they have to take the bad ones as well. If their bottom line is hurt, they'll start paying more attention to what their ad agencies and other agents are doing. (This is just an application of Murphy's Golden Rule: the guy who has the gold makes the rules.)

weak effort (5, Insightful)

v1 (525388) | more than 8 years ago | (#15596533)

While it was good of them to pull the ad from the rotation immediately, they failed in several other ways:

(1) they failed to post a notice or provide links for the removal of the malware. At best in the blog there are references that such removal instructions exist, peppered with a warning that some of them are actually malware themselves. They should have made the fix EASY and FOOLPROOF to obtain after getting their readers infected. It's been how long since they got their subscribers infected and they have done nothing more than to stop more of them from getting infected. They helped to break the computers, they should play an active roll in fixing them.

(2) the impression I got from their posts in their blog was that "oops sorry not our fault, not our advertiser's fault, it's one of the ad companies that subscribed to our advertiser". This is a cop-out. When you provide a service like they do, your advertisement is a bundle that comes with your service, and as such you are responsible for its content. I don't care if it's a 3rd party. You take on the responsibility for the content you deliver, regardless of how you get it. You can have legal arrangements with your content providers that provide YOU with a legal remedy, but the grief passes through you. You get sued, and then you sue the ones upsteam that caused you to get sued. You do not "pass the buck" and point a finger up the chain three levels and say not my problem good luck getting anything out of them, because the consumer has no legal recourse against those people. You as the content provider do have a legal recourse against your advertiser, and they have recourse against their affiliate who caused the problem in the first place. This pass the buck mentality is cheap and lazy, and they should be ashamed for trying to pull it.

Re:weak effort (3, Informative)

electronerdz (838825) | more than 8 years ago | (#15596575)

Actually, from their TOS:

VI. INDEMNITY

You agree to indemnify and hold LiveJournal, and its subsidiaries, affiliates, officers, agents, co-branders or other partners, and employees, harmless from any alleged claim or demand, including reasonable attorney fees, made by any third party due to or arising out of your Content, your use of the Service, your connection to the Service, your violation of the TOS, or your violation of any rights of another, whether you are a registered user or not. The user is solely responsible for his or her actions when using the Service, including, but not limited to, costs incurred for Internet access.

and

XIX. LIMITATION OF LIABILITY

YOU EXPRESSLY UNDERSTAND AND AGREE THAT LIVEJOURNAL SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF LIVEJOURNAL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), RESULTING FROM: (i) THE USE OR THE INABILITY TO USE THE SERVICE; (ii) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE SERVICE; (iii) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (iv) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICE; OR (v) ANY OTHER MATTER RELATING TO THE SERVICE.

Won't hold water in the end... (2, Insightful)

OmniGeek (72743) | more than 8 years ago | (#15596765)

As a (hypothetical) site visitor, how does simply visiting the site bind me to their terms? Also, if the malware-laden advertiser hits my machine at my first visit, before I have a chance to evaluate the TOS, there's NO way the TOS can be held to protect them.

Moreover, if the malware violates unauthorized-access statutes, the TOS would be well and truly trumped by such legislation.

Overall, they're in a very weak legal position; a reasonable person would conclude that the best course of action is to mitigate the damage to users, FAST and well, rather than take a ho-hum-not-our-fault attitude. Their response speaks volumes about them...

Re:weak effort (0)

Anonymous Coward | more than 8 years ago | (#15597009)

I think the best thing they could have done was write an exploit that removed the malware. Use the same exploit that installed it there, only when it runs, it uninstalls the malware, and maybe patches the exploit. This way people who didn't notice it installing in the first place wouldn't be bothered with uninstalling it, and it would all happen without them knowing. What could be better?

FlashBlock (1)

electronerdz (838825) | more than 8 years ago | (#15596538)

That is why I use FlashBlock [mozilla.org] . Actually, I use Linux first, so that helps, but when I am on Windows, FlashBlock, in addition to Firefox, helps.

Re:FlashBlock (1)

goofyheadedpunk (807517) | more than 8 years ago | (#15596666)

Meh, FlashBlock is for wimps. Real men use Linux on a PPC machine. No native flash binaries, no worries. Score one for me!

Also, what is the YouTube thing people keep linking to? I guess the grey boxes are nice, but they don't really add much to webpages. Besides that, what's up with Google Video? It's not even video really, just images. You have to download the goddamn avi's to watch anything. I don't see what makes it so useful.

Oh well.

Re:FlashBlock (1)

electronerdz (838825) | more than 8 years ago | (#15596712)

Actually, I have my girlfriend's (yes, girlfriend) old iMac which she just replace with a new MacBook which will be getting Ubuntu. However, I am on vacation, and it is rather hard to install Ubuntu on it from here. But when I get back...

Another reason to use adblockers (0)

Anonymous Coward | more than 8 years ago | (#15596549)

... but thanks to all those that still view all those damn ads and make all this stuff free, but I'd rather shit on the ads :P

I tried to read the apology (4, Funny)

WebHostingGuy (825421) | more than 8 years ago | (#15596609)

But I kept getting problems with my computer while reading the ad filled apology page.

Apparently, I needed to download some software because my computer was out of date. Thank goodness I visited LiveJournal today, which told me to update with their new UrP0wnd.exe update.

similar attack possible by PointRoll [semi-ot] (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15596641)

These jokers [pointroll.com] tried for hours to convince me to install a fairly innocent looking HTML file on my server.

What it does is circumvent the Javascript protection between an iframe and the page it lives on. It gives full access to your site DOM from inside the iframe. The reason is so that their content can "expand out" of the iframe and cover part of the page content.

They claim they don't read your cookies, but that's as far as their "guarantee" goes. Someone malicious on their side could easily read those cookies or access form data, etc.

So my point is - this problem is only going to get worse as advertisers look for more and more obnoxious ways to stick ads in your face.

Finally, the sales lady realized that the site I work for doesn't run ads that expand out of an iframe and admitted that they have an alternative which doesn't require the awful Javascript hack. So it worked out for me in the end. The scary thing was she listed some huge high-profile sites that *did* install their file.

You can read their justification here [pointroll.com] .

Instead of refusing to use Flash... (1, Redundant)

greatcelerystalk (981442) | more than 8 years ago | (#15596649)

You might want to try using the FlashBlock [mozilla.org] extension for Firefox.

Re:Instead of refusing to use Flash... (1)

willabr (684561) | more than 8 years ago | (#15596806)

Using IE6: Tools -> Manage Add-Ons -> Disable Shockwave (Flash)

When you want to use it do the same but enable it

Re:Instead of refusing to use Flash... (1)

greatcelerystalk (981442) | more than 8 years ago | (#15597036)

FlashBlock is, IMO, a lot better than the IE solution. Flashblock replaces the flash content with its own (a play button) and allows the user to decide which flash content to load on each page. On sites I visit frequently, that's very handy.

2Ho8o (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15596653)

needs OS. Now BSDI Fear the reaper

On Slashdot? (1)

MobileTatsu-NJG (946591) | more than 8 years ago | (#15596659)

"Even our readers have had to endure more than one browser-crashing ad campaign from time to time. Thanks for sticking around."

Oh? What happened?

Re:On Slashdot? (2, Funny)

Ed Random (27877) | more than 8 years ago | (#15596970)

Oh? What happened?

Somebody set up us the bomb.

Web advertising considered harmful (1)

Baloo Ursidae (29355) | more than 8 years ago | (#15596726)

and this is a great example of why and how at work. As if you needed another reason to get your ISP to run a web proxy running adzapper [sf.net] or switch to one that does.

Cyberterrorists (2, Interesting)

paulproteus (112149) | more than 8 years ago | (#15596829)

Companies like this make the Internet a frightening, dangerous place. They literally attempted to crack into people's computers without their consent.

Why don't we sue them into the ground as pursuing cyberterrorism as a business model?

Ho ho! (1)

HaDAk (913691) | more than 8 years ago | (#15596986)

God bless anything...that's not windows. :) Being a Mac/Penguin guy myself, it's one of those days that i sit back, sip my glass, and smile at the poor suckers still using windows.

Yawn . . . (1)

jhylkema (545853) | more than 8 years ago | (#15596996)

OS X [apple.com] and Firefox [getfirefox.com] with AdBlock [mozilla.org] and NoScript [mozilla.org] included for good measure == no worries here.

Still think Windows is [cheaper|easier|better|stronger|faster]?

Re:Yawn . . . (2, Informative)

jofi (908156) | more than 8 years ago | (#15597020)

According to TFA, it doesn't use an exploit except the one located between the chair and keyboard. It's a little vague, but a non-admin account in XP would have not allowed "ErrorSafe" to install.

The solution to this? (2, Insightful)

toadlife (301863) | more than 8 years ago | (#15597159)

Simple. Websites need to stop being lazy and host ads on their own servers. Yes, there would beed to be a way for the advertisers to track hits, but there should be a way to do that while keeping the potentially dangerous content off the advertisers site.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>