Sunbeltblog comments

This is not about the ads, but I think something is wrong with Snopes. I tried going today, and it wouldn't load. I tried reloading three times, and it wouldn't load.


Probably would have been better to mention it on one of the Snopes posts


Well, I thought no one would look because it was old-ish news. By the way, am I the only one with this problem?


At this point, I'm speaking for what may well be the entire internet when I say "yes". Wouldn't worry, probably just a temporary thing.


Okay, so that nightmare I had about getting a SpyAxe infection is not prophetic? Yes, I'm not kidding, I had a nightmare about this.


SpyAxe nightmares? Ok, I guess I'm doing something wrong. All my nightmares have werewolves and zombies in them.

...wow, this is a weird conversation.

So yeah, anyway, Sandi. She's been covering these banner ads for a LONG time. Good to see she's getting props for her (extremely extensive) work on this stuff.

Good thing is she's managed to reach a LOT of ad network people with her writeups, which is pretty good going at the best of times.


By the way, a Flash update came out today, I'm not sure if it will address this issue, but it's worth noting. I've also had WinFixer nightmares, not to mention nightmares where I couldn't unplug the computer during a dangerous event, and nightmares where I'm kidnapped by a swarm of flies.


Malicious swf files have to do with the Flash format itself, not a vulnerability. Unfortunately, Adobe does not allow end users to change these settings.


That's what I was worrying about (not really, but it's far more dramatic to say that). Well, can you try and fail to persuade Adobe to please let us change the settings for our own good? Will they listen to geniuses?


Who knows...


*****
Malicious swf files have to do with the Flash format itself, not a vulnerability. Unfortunately, Adobe does not allow end users to change these settings.
*****

Is this one of the reasons why people are getting excited about Silverlight (I ask, because I know virtually nothing about Silverlight)?


You're not alone on that matter. I had never even heard of Silverlight until I got NoScript.


Something wrong with the swf link, Alex? Shows up as about:Hardmeier, which really serves no function.


Blake, that's odd. I fixed it.


Sandi said elsewhere:

"This is a social engineering attack as well as a drive-by download."

"Firefox... users... will also see the redirect and pop-up window warning of infection"

http://www.scmagazineus.com/Mali...article/104827/

My interpretation is that IE users get the drive-by download by virtue of Flash being able to open a new, malicious page in the trusted zone.

Am I right??

Can anybody throw some light on this?


Hi all,

Flash is not able to open "a new malicious page in the trusted zone", *unless* the malicious domain was already in the trusted zone.

In other words, Flash cannot elevate security permissions, nor can it add sites to IE's trusted zone.

Sandi


Thanks Sandi,

Under what circumstances does the drive-by download you mentioned occur then?

