Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Online Ads vs. Security: An Invisible War
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
 User Rank: Ninja
3/23/2018 | 10:32:04 AM
Websites no longer are sites
Thanks for starting the discussion - and I think that's what's needed most. 

A core problem is that the concept of a website has changed so dramatically.  Rarely is - A - website - A - place, or the site owner -THE - provider of code and content; or the sole, or even primary, consumer of data extracted from the visitor.  Don't leave out the parts played by (and motivations of), browser vendors or the web-search providers. 

Together, these factors contribute to a diffusion of responsibility for what happens to a "site" visitor - in terms of security, privacy and experience.  The result is that nobody accepts responsibility.   

Is what we have really what we want?  We'll have to look closely at the interplay of motivations that brought us to this situation; and then look at how we might rework the site-visitor-browser paradigm. 
macker490
50%
50%
macker490,
 User Rank: Ninja
3/21/2018 | 9:24:49 AM
response options
advertisers are no more likely to  go away than politics or flu season.   what is needed is better browser code with  much of the trash material simply re-directed to NUL

try the new reader plug-in on Firefox.   They did a good job with this.   i think it suggests the direction we need to go in browser coding


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.