NNSquad - Network Neutrality Squad


[ NNSquad ] Fwd: Major ISPs Injecting Ads, Vulnerabilities Into Web


This was posted on a mailing list I carry here, by a friend of mine who
happens to work for Comcast.  But since he's not authorized to speak for
them, I've redacted things that would indicate his identity...

----------  Forwarded Message  ----------

Subject: Fwd: Major ISPs Injecting Ads, Vulnerabilities Into Web
Date: Sunday 20 April 2008 06:30

> Not completely new, I mean wasn't Rogers injecting ads in search
> pages? But important point about security ...

I thought it was Cox, Charter, or TW.  I hadn't heard about Rogers
doing that.  Could've missed it, though.

> ------- Forwarded message -------
> From: timothy <help@slashdot.org>
> Subject: Major ISPs Injecting Ads, Vulnerabilities Into Web
> Date: Sat, 19 Apr 2008 18:28:00 -0400
>
> Rebecca Bug writes "Several Web sites (Wired, eWEEK, The Washington
> Post) are reporting on Dan Kaminsky's Toorcon discussion of a serious
> security risk introduced when major ISPs serve ads on error pages. Kaminsky
> found that the advertising servers are impersonating, via DNS, hostnames
> within trademarked domains. 'We have determined that these injected servers
> are, in fact, vulnerable to cross-site scripting attacks. Since these
> servers are being injected into your trademarked domains, their
> vulnerability can be used to attack your users and your sites,' Kaminsky
> said, identifying EarthLink, Verizon and Quest among the ISPs."
>
> Read more of this story at Slashdot.
>
> Article:
> http://rss.slashdot.org/~r/Slashdot/slashdot/~3/273760812/article.pl

I know that Comcast does *not* do this.  I spoke with one of the attorneys in
our legal department about this very issue, and we agreed that it would be
a serious privacy violation.  (This was at the CableLabs Winter Conference in
February, where we were both approached by a vendor of this kind of service.)

--
(Sig snipped)
-------------------------------------------------------

-- 
Member of the toughest, meanest, deadliest, most unrelenting -- and
ablest -- form of life in this section of space,  a critter that can
be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
-
Information is more dangerous than cannon to a society ruled by lies. --James 
M Dakin