The InfoSec Blog
1Nov/16

Online Ad Industry Threatened by Security Issues

http://www.databreachtoday.com/online-ad-industry-threatened-by-security-issues-a-9488

Most people use ad blockers because they're irritated with some of the intrusive ways ads are presented. But there are also compelling security arguments behind ad blockers. By blocking ads, consumers are better insulated against security risks from malvertisements.

The social media site Reddit, which can be a rich traffic source for publishers, warns users of links to content that demand people to disable their ad blockers, including publishers such as Forbes and Wired.

"Warning! Disabling your ad blocker may open you up to malware infections, malicious cookies and can expose you to unwanted tracker networks," Reddit's warning says. "Proceed with caution."

I don't know whether to be glad or worried by this.
It may be considered unsocial of me, but I use adblockers.

The TV industry found out long ago that people were willing to pay a bit extra for a 'subscription service' that managed without adverts. Well, almost. Some services are heavily into self promotion even to the point of 'advertising' their extra-cost services, special early release movies or additional 'channels'. Whatever. Still annoying.

A few, a very few, 'newspapers' and 'magazines' won't let you read ANY articles if you have an adblocker. "Inc" comes to mind. Many more limit the number that can be read by your IP per month unless you have a subscription, a real killer if you make use of a library or Internet Café for your connection.

Many publishers are pushing back, warning users that they can no longer access free content if ad-blocker software is enabled. That forces security-conscious users to make an uncomfortable choice: open up their computer to attacks or forgo the content.

What it amounts to is that they are going to screw money out of you one way or another. The "they" being variable.

Earlier this month, a digital ad industry group, the Trustworthy Accountability Group, or TAG, released the first-ever set of guidelines for how ad companies can scan their content to ensure they're not distributing malware. The recommendations are voluntary, but mark an important step forward if the industry wants to keep regulators at bay.

Governments "are starting to understand that the delivery vector for ransomware is the internet - it's not email, it's the web," says Chris Olson, co-founder and CEO of The Media Trust, a security and compliance vendor focused on digital media.

As far as I can tell, "voluntary" means 'toothless'.
As far as I can tell with the GAO edicts to US government agencies about security, government guidelines are toothless, and unless there are 'teeth', such as pulling licenses as the FDA can do, government regulations are meaningless.

What works, sort of, to a degree, is PCI DSS. It works because there is a meaningful financial incentive and proper 'teeth'. Well, OK, "compliance =/= security", but it's a step in the right direction, even if it is downloading responsibility from the banks to the vendors.

Personally, I think this is a classic case of "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology".

But what it boils down to is this:

We can't solve problems by using the same kind of thinking we
used when we created them.
-- Albert Einstein

Which is exactly what they're doing!

 

Posted by Anton Aylward
