Trust And Web Ad Services
Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?
June 5, 2009
Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?In 1984, Ken Thompson, the co-inventor of Unix, wrote a paper for the ACM called "Reflections on Trusting Trust." In it, he stipulated how he could insert a backdoor into the compiler so that even if your code is safe, after being compiled it will get back-doored.
While his paper is about compilers, the concept is trust. How far can you trust anything? How far can what you trust, in turn, trust anything further down the line?
If you write your own programs, then you can be reasonably sure they have no backdoor. Do you also write your own compiler? How about the operating system? The motherboard? The CPU?
There's no end to trust. No matter how paranoid you are, eventually you have to take a leap of faith.
With Websites, this appears to be outsourced advertising services. Websites load these advertisements for their visitors, and often allow them to run dangerous JavaScript, to boot. When users get infected because they accessed your Website, you will be blamed, if not sued.
Much like with other types of partners, make sure you know what kind of content you will see, and what technology they will use. With some, perhaps you can limit their access to a simple jpeg image file. With others, perhaps you can push your liability onto them by asking for assurance on the content being benign.
Trust is what's at stake. How much you trust your content provider and other partners needs to be cleared ahead of time and verified later on.
In your contract, make sure liability is clear. If you choose to accept only jpeg image files, then verify that's what they really are, and then allow no other content. Remember, if you're not careful, it is your own face you will be defacing.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024