I have no details on this particular hack, but ad networks have been a problematic vector for a few years now. In 2007, Dan Boneh's team spent $50 to test the potential of a Flash-based networking exploit. He got into 100,000 networks.
On May 15, 2009, at 4:38 PM, "Larry Seltzer" <[email protected]> wrote: > Has it? I'd like to learn more but nobody's reporting any details. > What > was the malware? Is it still on the network? I've seem malware through > ad networks lots of times; are there other domains besides Drudge that > they're not allowed to view at DOJ? > > Larry Seltzer > Contributing Editor, PC Magazine > [email protected] > http://blogs.pcmag.com/securitywatch/ > > > -----Original Message----- > From: Dan Kaminsky [mailto:[email protected]] > Sent: Friday, May 15, 2009 7:35 PM > To: Gregory Hicks > Cc: [email protected]; Larry Seltzer > Subject: Re: [funsec] U.S. Attorney's office tells employees not to > log > on to Drudge Report > > To be fair, this has been a real problem. > > > > On May 15, 2009, at 2:31 PM, Gregory Hicks <[email protected]> > wrote: > >> >>> Date: Fri, 15 May 2009 16:07:58 -0400 >>> From: "Larry Seltzer" <[email protected]> >>> To: <[email protected]> >>> Subject: [funsec] U.S. Attorney's office tells employees not to log >>> on >> to Drudge Report >>> >>> http://www.politico.com/news/stories/0509/22574.html >>> >>> "Asked why the conservative-leaning news aggregator and President >>> Barack Obama critic was flagged by Internet security officials, >>> Tracy >>> Schmaler, a Department of Justice >>> <http://www.politico.com/news/stories/0509/22508.html> spokeswoman, >>> said it was because "a malicious code was found contained in a Web >>> ad >>> on Drudge."" >>> >>> How come only the DOJ knows about this and nobody else? >> >> Because the DoJ needed some excuse to tell the workerbees... >> >> >> --------------------------------------------------------------------- >> Gregory Hicks | Principal Systems Engineer >> | Direct: 408.569.7928 >> >> People sleep peaceably in their beds at night only because rough men >> stand ready to do violence on their behalf -- George Orwell >> >> The price of freedom is eternal vigilance. -- Thomas Jefferson >> >> "The best we can hope for concerning the people at large is that they >> be properly armed." --Alexander Hamilton >> >> _______________________________________________ >> Fun and Misc security discussion for OT posts. >> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec >> Note: funsec is a public and open mailing list. > > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
