Vulnerability in OpenX advertisement server - AfterDawn's ads affected as well
The following comments relate to this news article:

Vulnerability in OpenX advertisement server - AfterDawn's ads affected as well

article published on 12 September, 2010

There is an un-patched vulnerability in OpenX advertisement server that affected the advertisement delivery at AfterDawn.com for a short while today. The vulnerability was used to tamper with specific files on our advertisement server, which caused advertisements to fail to load. Advertisements are served from an isolated server, and no other AfterDawn services were affected at any stage. The vulnerability ...

AfterDawn Addict
12. September 2010 @ 07:22
and this is news how? The less ads the better imo.



MGR (Micro Gaming Rig) .|. Intel Q6600 @ 3.45GHz .|. Asus P35 P5K-E/WiFi .|. 4GB 1066MHz Geil Black Dragon RAM .|. Samsung F60 SSD .|. Corsair H50-1 Cooler .|. Sapphire 4870 512MB .|. Lian Li PC-A70B .|. Be Quiet P7 Dark Power Pro 850W PSU .|. 24" 1920x1200 DGM (MVA Panel) .|. 24" 1920x1080 Dell (TN Panel) .|.

I hate titles

12. September 2010 @ 07:28
Originally posted by shaffaaf:
and this is news how? The less ads the better imo.
In a way that

a) By changing the ad code dramatically, the ad server could go past all ad blocks.

b) People who got into the OpenX could start delivering auto-installing malware via some of the largest websites in the world.

...Luckily that didn't happen for us, they just managed to disable the ad server. But the vulnerability is there, without an official patch available.

Petteri Pyyny (pyyny@twitter)
Webmaster
https://AfterDawn.com/

This message has been edited since posting. Last time this message was edited on 12. September 2010 @ 07:34

5fdpfan
Member
12. September 2010 @ 10:23
No ads? Aw what a shame. I mean it just sucked so bad actually having the freedom to move my mouse cursor around without fear of bringing up an ad by hovering over a certain key word or phrase. I realize these annoyances probably are what keep this from becoming a membership site but just the same, I wasn't shedding any tears with them gone.

Senior Member

12. September 2010 @ 12:26
Originally posted by 5fdpfan:
No ads? Aw what a shame. I mean it just sucked so bad actually having the freedom to move my mouse cursor around without fear of bringing up an ad by hovering over a certain key word or phrase. I realize these annoyances probably are what keep this from becoming a membership site but just the same, I wasn't shedding any tears with them gone.
The ads you're talking about don't show up when you're logged in, as far as I know.

If I remember right, aD can't accept donations due to Finnish law. Because of this they have to have ads in order to pay for the site's servers.

"The only people who should buy Monster cable are people who light cigars with Benjamins." - Gizmodo

This message has been edited since posting. Last time this message was edited on 12. September 2010 @ 12:27

Senior Member
12. September 2010 @ 16:07
I'll never understand what all the bitching about ads on free services is about. Shut the hell up and ignore the ads if you don't want to see them. Servers don't pay for themselves. The internet isn't free either. All the work that goes into a site like this requires compensation. So either pay up or shut the hell up, daft sack bags.
Tell me, do you people whine like little bitch asses when you're watching TV? Even some premium channels advertise, so what's the prob, huh, nut sacks?????

XXYYQQOO!!! Yeah WELCOME TO JAMROCK

SomeBozo
Member

12. September 2010 @ 17:03
This and other issues are the reason Apple and others don't like Flash. Flash, from my experience, has been at the lower end of the quality scale. Working for a large software company, we reported numerous vulnerabilities in Flash and they appeared to have an attitude of "That is not our concern..."


AfterDawn Addict

12. September 2010 @ 17:17
Will my Afterdawn account get hacked?

http://my.afterdawn.com/mik3h/blog_entry.cfm/1394 - Guides written by me.
http://www.adbuddies.org/ - Join us Live on IRC!

(Kudos to Ripper For The Beautiful Sig!)

SomeBozo
Member

12. September 2010 @ 17:23
Originally posted by Mik3h:
Will my Afterdawn account get hacked?
The problem is most likely someone could exploit a cross site scripting vulnerability, depending on what your security settings are, ya you could easily be hacked. That is the problem with flash.

Member
12. September 2010 @ 18:32
Mik3h, Dude, read the article. The attack was on their advertisement software, which stated that the issue was on an isolated server and the main site was not touched. As it is, I am sure there is a site backup done every 24 hours, so don't worry about your account; if there is a problem it is just a matter of loading the tables and fixing the issue.

As for OpenX software itself, why would the developers leave such an opening for a period of time? Is it a dead project or are the developers lazy? As undeveloped as the internet is, we still have a long way to go at this rate.

SomeBozo
Member

12. September 2010 @ 21:08
Originally posted by Zealousi:
Mik3h, Dude, read the article. The attack was on their advertisement software, which stated that the issue was on an isolated server and the main site was not touched. As it is, I am sure there is a site backup done every 24 hours, so don't worry about your account; if there is a problem it is just a matter of loading the tables and fixing the issue.

As for OpenX software itself, why would the developers leave such an opening for a period of time? Is it a dead project or are the developers lazy? As undeveloped as the internet is, we still have a long way to go at this rate.
You, sure... yet another hole :(


AfterDawn: News
http://www.afterdawn.com/news/article.cf...der_and_acrobat
AfterDawn Addict

13. September 2010 @ 00:05
"The vulnerability has been known for a long time but has not been patched to date."

"The server has now been re-installed, the vulnerability fixed and all traces of tampering removed. We apologize for any inconvenience."

One of those statements must be wrong...how can you patch a vulnerability if it cannot be patched?
I hate titles

13. September 2010 @ 01:51
Originally posted by KillerBug:
"The vulnerability has been known for a long time but has not been patched to date."

"The server has now been re-installed, the vulnerability fixed and all traces of tampering removed. We apologize for any inconvenience."

One of those statements must be wrong...how can you patch a vulnerability if it cannot be patched?
Patching was done by the unofficial method of patching it, as described in the kreativrauschen.com blog -- i.e. the OpenX team _still_ hasn't released an official patch for the problem, but it can be patched by other means.

Petteri Pyyny (pyyny@twitter)
Webmaster
https://AfterDawn.com/
Mez
AfterDawn Addict
17. September 2010 @ 13:19
DRD is correct!

I think I have been nailed twice by ads. Once for sure a year back and maybe once yesterday. You get a virus just by passing a mouse pointer over the ad. I have 2 viral scanners and one spyware scanner and still I got something. Actually, the first time I only had 1 virus scanner. The first time the attack was obvious because it halted all operations and downloaded a bot-net virus to my computer. I knew I was being screwed, tried to shut down services, then resorted to turning off the computer. In retrospect, I should have pulled the plug.

Yesterday I did send out a virus bomb in an email. I don't know what happened, so maybe it was an ad or maybe not. I did find a popup box that should not have been able to pop up. I figure something in an ad may have popped the window in a way FF did not detect and block. The popup was where the virus was hiding, but who knows. I am fairly sure I sent the bomb just before I found the popup. I couldn't find any trace of it when I scanned. The process left me scratching my head.