Online Ads vs. Security: An Invisible War

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

BrianN060,
User Rank: Ninja
3/23/2018 | 10:32:04 AM

Websites no longer are sites

Thanks for starting the discussion - and I think that's what's needed most.

A core problem is that the concept of a website has changed so dramatically. Rarely is - A - website - A - place, or the site owner -THE - provider of code and content; or the sole, or even primary, consumer of data extracted from the visitor. Don't leave out the parts played by (and motivations of), browser vendors or the web-search providers.

Together, these factors contribute to a diffusion of responsibility for what happens to a "site" visitor - in terms of security, privacy and experience. The result is that nobody accepts responsibility.

Is what we have really what we want? We'll have to look closely at the interplay of motivations that brought us to this situation; and then look at how we might rework the site-visitor-browser paradigm.

Reply | Post Message | Messages List | Start a Board

macker490,
User Rank: Ninja
3/21/2018 | 9:24:49 AM

response options

advertisers are no more likely to go away than politics or flu season. what is needed is better browser code with much of the trash material simply re-directed to NUL

try the new reader plug-in on Firefox. They did a good job with this. i think it suggests the direction we need to go in browser coding

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Understanding Cyber Attackers - A Dark Reading Nov 17 Event

Black Hat Europe - December 5-8 - Learn More

Black Hat Middle East & Africa - November 15-17 - Learn More

More Informa Tech Live Events

White Papers

Top Cloud Threats to Cloud Computing: Pandemic Eleven

2022 Cyberthreat Defense Report

The State of Threat Prevention

IT and OT Convergence Is Happening, but Is Security Ready?

Analyzing the Economic Benefits of Microsoft Defender for IoT

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

How Machine Learning, AI & Deep Learning Improve Cybersecurity

Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-40363
PUBLISHED: 2022-09-29

A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.

CVE-2022-40890
PUBLISHED: 2022-09-29

A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.

CVE-2022-39250
PUBLISHED: 2022-09-29

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of...

CVE-2022-40126
PUBLISHED: 2022-09-29

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

CVE-2022-40475
PUBLISHED: 2022-09-29

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]