This is the kind of crap I have to deal with

[thiggins]

... in running a website that depends on ads for revenue.

http://arstechnica.com/security/201...tising-that-hid-attack-code-in-banner-pixels/

 

[tomsk]

... in running a website that depends on ads for revenue.

http://arstechnica.com/security/201...tising-that-hid-attack-code-in-banner-pixels/

Wow!.... i can't say I'm not impressed by its ingenuity.... but what a bunch of b******ds.

 

[sfx2000]

It is getting pretty bad out there - and this is driving users to block even more aggressively...

It's stuff like this that also hurts the reputation of the advertiser and the web sites...

 

[RMerlin]

So the next line of defense is for antivirus software to put every web image through a jpeg (re)compressor to force the image content to be somewhat scrambled?

What I note however is that this relies on computers being ALREADY compromised, so they can run the image-carried payload. This is more a payload delivery system than an infection vector, unless one of them can also exploit a flaw in an image decoder (Microsoft did fix a few of these over the years).

 

[sfx2000]

This is more a payload delivery system than an infection vector, unless one of them can also exploit a flaw in an image decoder (Microsoft did fix a few of these over the years).

Apple had an issue with one of their graphics renderers recently - had to do with TIFF if I recall - and the MSFT issue did affect other platforms...

 

[sfx2000]

There's no limit to inventiveness - there was a really neat hack a while back that used the gstreamer frameworks that embedded 6502 assembler inside an audio file that allowed root exploits - that one was pretty specific to the versions of the codecs and linux kernel version...

http://hackaday.com/2016/11/15/a-linux-exploit-that-uses-6502-code/

That's one of the reasons why things that execute code inside of data files are scary from a security perspective - I'm just waiting for someone to get clever with WebGL...

 

[CrazyCanuck]

So the next line of defense is for antivirus software to put every web image through a jpeg (re)compressor to force the image content to be somewhat scrambled?

What I note however is that this relies on computers being ALREADY compromised, so they can run the image-carried payload. This is more a payload delivery system than an infection vector, unless one of them can also exploit a flaw in an image decoder (Microsoft did fix a few of these over the years).

I use a live cd, it works great. Once I reboot it's gone.

https://distrowatch.com/table.php?distribution=tens

 

[System Error Message]

the more malicious ads there are the more people will block ads, not just that but resource usage is a concern too. On some sites with bad ads video stutters, using script block solves the issue as it wont allow you to watch with adblock enabled.