Banner Ad hack hits MySpace users – why?
A malware-loaded ad was published through a 3rd-party advertising network and exploited MySpace users’ bad patching practices (or choice of vulnerable software, depending on your perspective) and was described in the Washington Post about a week ago. So, from a user’s perspective, where does the responsibility lie?
I would argue that this failure is on the advertising network. Some have written about the seeming ‘impossibility’ of monitoring all the different ads that they publish, but is that ever the argument given on television or in a newspaper if a racist, demeaning, or otherwise offensive advertisement is shown?
Never.
Why should the web be any different? If you are outsourcing editorial control (by using a 3rd party ad network) then the responsibility should be in that contract, and they should be held responsible. The real issue is the user-unfriendly ads that are being published these days — javascript, cookies, flash, all kinds of uncontrolled coding that can be used for attacks like these.
If you can’t control or scan for the vulnerabilities, the ad network needs to dial it back to only serving images and links. If you can’t validate the advanced advertisements, go back to the old style and don’t let the advertisers push you beyond the point of control.
Technorati Tags: malware, banner+ads, user+advocacy