Forbes Asks Readers To Disable Adblock, Serves Up Malvertising (engadget.com) 406
Deathlizard writes with a report at Engadget that when this year's "Forbes 30 Under 30" list came out, "it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list. On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information."
And with laws like the DMCA you can be sued for (Score:3, Insightful)
And with laws like the DMCA you can be sued for telling others how to bypass the ad block block.
Re: (Score:2, Insightful)
> And with laws like the DMCA you can be sued for telling others how to bypass the ad block block.
[citation needed]
Re:And with laws like the DMCA you can be sued for (Score:5, Informative)
It's US Criminal Code, Section 2701. This law is closely tied to the European Directive 2001/29/EC. Please review it, not with the understanding of a reasonable person, but with the approach of a lawyer for whom the details of the law are critical, and their client's interests paramount over reason.
Re:And with laws like the DMCA you can be sued for (Score:5, Informative)
(a)Offense.—Except as provided in subsection (c) of this section whoever—
and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.
In other words, if something is preventing you from accessing content, bypassing it is a violation. Blocking ads itself isn't a violation, but blocking something that hides content unless you turn off ad blocking is.
Re:And with laws like the DMCA you can be sued for (Score:5, Interesting)
By that silly law it's even illegal to keep the malware from infecting you.
That law is seriously broken. It's like making it illegal to keep a burglar from entering your house.
Re: (Score:3)
Are we sure that the law isn't referencing a BUILDING? The way I read it, it's talking about lying your way into a colo facility or some such.
Uh, no (Score:5, Informative)
Re:Uh, no (Score:5, Interesting)
It could be argued, that the "No, really, let us show you the ads, because it pays for the content" mechanism is a payment mechanism to view protected content. By circumventing that to get unpaid access to the content, you are engaging in circumvention of a rights management system, and thus fall victim.
That's the thing with DRM-- it can be extremely feeble-- it still counts when considering the DMCA.
It could be argued that reading the article without "paying" for it (with your advert exposure) is piracy, and that to prevent you from doing this, the anti-blocker script was introduced.
Still a load of bullshit-- The need to circumvent protections that are onerous and not in the public good (or that prevent authorized special exception use, such as via a library) is very important but given short shrift as far as the DMCA is concerned.
There's no way that would hold up (Score:3)
Re: (Score:3)
Indeed, and if you have enough cash you can argue your case in court for a year or two and win. If you don't die of a stress induced illness before then obviously.
Don't be ridiculous; you can't win. If it looked like you had a chance of winning, the company would settle but require you to sign an agreement not to reveal the results. Just because a law is bad doesn't mean it can't still be used.
Re:Uh, no (Score:5, Interesting)
It could also be argued, much more concisely in fact, that the advertisers are guilty of violating the Computer Abuse and Fraud Act, one count accessing a computer system without authorization, multiple counts accessing computer networks without authorization, plus the multiple counts of fraud and counterfeiting their malware performs on their behalf.
I'm OK with a DMCA violation that is a $150,000 fine (max penalty) so long as these people get their 60 years in prison (max sentence) as well.
Re:Uh, no (Score:5, Interesting)
Don't you by very nature of the HTTP protocol need to ASK for this content? I know this is splitting hairs but I can't imagine that your reasoning would fly.
That's the entire point.
I asked for an image. Not executable code, not an image with executable code, but an image.
(Note I made no complaint about getting that image I asked for)
Say you ask me to send you money. Are you arguing you have no right to complain about the anthrax in the envelope so long as I actually did include money along with it too?
Re:Uh, no (Score:5, Insightful)
The problem is that Forbes doesn't know who the advertisers are. They sell ad space to a company which in turn sells some number of hits to many different advertisers, mostly through automated means. Some malware distributor buys some hits with a stolen credit card number, uploads the malware and neither Forbes nor their ad service has any way to track down the source. IP will turn out to be a Starbucks or Internet cafe.
Re: (Score:3, Insightful)
> The problem is that Forbes doesn't know who the advertisers are.
Yes, but technically it's their problem. They should take responsibility and push for advertisers to behave morally.
The whole system is rotten to the core.
People can't trust sites because sites can't trust their ad distributors because the ad distributors can't trust the advertisers. And no one in the chain after the user takes any responsibility for making a safe advertising system. And then they whine when people use ad blockers as their last line of defence.
I mean, it's beyond ridiculous.
Re:Uh, no (Score:5, Interesting)
Then encrypt the article with a key derived from the hash of the ad.
Re: Uh, no (Score:3, Funny)
Working to patent your idea now ;)
Re: (Score:3)
No. No it isn't.
Here's a link--
https://www.law.cornell.edu/us... [cornell.edu]
And here's the pertinent section's text.
and
They Made Mozilla Their Bitch For a Reason (Score:5, Informative)
Note that browser makers Google, Microsoft, and Apple have continually pushed for DRM to become part of web standards [slashdot.org].
And that they obtained considerable financial influence [slashdot.org] over the browser maker thought most likely to resist (Mozilla).
And that Mozilla gave in [slashdot.org] on DRM and continues to make inexplicable blunders and lose market share.
After such a relentless campaign to ensure all available browsers contain DRM, I wouldn't be at all surprised to see DRM used to protect ads, particularly in video. Stopping you from reading/recording a video stream necessarily stops you from altering it.
Damn, am I ever so happy (as always) that the proven tech leader was ousted as Mozilla's CEO in favor of the former head of marketing.
Re:They Made Mozilla Their Bitch For a Reason (Score:5, Interesting)
Funny anecdote:
One site I frequent now and then shows short ads before the clips (with a timer how long the ad takes). So I usually open the tab, look how long it takes, then go on to another tab to do something else in the meantime. Works great. Only ONE time I got back to the page, see the last few seconds of the ad, think "this looks interesting, what was that?" Of course they not only restricted fast forward during the ad, they also restricted rewind. So they themselves prevented me from watching the ad. Well. Serves them right. ;-)
Re:They Made Mozilla Their Bitch For a Reason (Score:4, Insightful)
yeah, they don't really care about whether you watch the ad. they care about convincing the person hiring them that they're making a "good effort" to show the ad and that their viewership statistics are at least approximately correct.
so why disable rewind? because there are people (and semi-organized companies) who will intentionally re-watch ads, both manually and automatically, to inflate the view counts. disabling rewind doesn't do a whole lot about this, but some clueless manager will check it off on their list. the online ad industry is a total fucking joke, and a great example of how capitalism can also build Potemkin villages when the margins of return are slim and market information is sparse.
Re: (Score:3)
> Stopping you from reading/recording a video stream necessarily stops you from altering it.
Except the content providers WANT to alter it in real-time, in order to change out their ads, and tailor them to specific viewers, and gather tracking statistics.
If they would just include the AD in the actual video content, instead of making it a separate object: then the Ad-Blocking software would be a non-issue, as the software wouldn't be able to filter out content from the video stream due to the enormous
Re:They Made Mozilla Their Bitch For a Reason (Score:4, Funny)
The faggots, of course, think it was all about "homophobia".
I wonder how they got that idea.
Re:And with laws like the DMCA you can be sued for (Score:5, Interesting)
> you can be sued for telling others how to bypass the ad block block.
I wonder, can Forbes be sued for the damage that they have facilitated?
If users can demonstrate that infection came from them?
Re: (Score:3)
Yes, Forbes can be sued for facilitating. They can also be sued for liking blue, for farting an aerosol dye, and for starting the French Revolution.
Will it be successful? I don't know where to start. Why don't you tell me the last grade you graduated from, and I'll just wing it.
You could read ahead, if you like, so I don't have to hold your hand through the internet bar exam.
I wonder, what did that guy in the stall next to me eat last night? Pure sulphur? Dead curry filled corpses? Raw farts in jars? I can
Welcome to why I run an adblocker (Score:5, Interesting)
Seriously, this is why we run ad blockers, and why I stopped reading Forbes. They need revenue, and I don't trust them to vet their advertisements, so I get my news elsewhere.
Which is sad, because I like a lot of their articles.
Re: Welcome to why I run an adblocker (Score:5, Interesting)
Use anti-adblock killer. Anyways, I think this would be a good thing to start lawsuits over. That is, if Forbes serves you a ransomware ad, hold them liable for the cost.
If the courts find Forbes not liable, then we need laws to make it happen.
Re: (Score:3)
Re: (Score:2)
Strange. I installed "Disable Anti-Adblock" Firefox extension and Forbes most definitely did not let me into the site. I think that extension (or is it add-on ...wtf Mozilla?) is broken.
Re: (Score:2)
Re: (Score:3)
If using NoScript, you also need to allow a bunch of third party scripts before it will show you the content.
Ironically for me, I didn't even need to disable AdBlock. Just temporarily allowing Javascript was enough to satisfy the "disable your adblocker" message and let me in.
Re: (Score:2)
Considering they don't get ad revenue from adblockers anyways, I don't think they care if people who use adblockers stop visiting anyways.
Re: (Score:3)
Re: (Score:2)
Or just stop visiting their site.
If the top four or five results from a DuckDuckGo or Google search are from sites that deploy anti-ad-blocking measures, it's going to become hard to find things through web search without having to waste your time clicking the back button more often than not.
My brother (Score:4, Interesting)
Re:My brother (Score:5, Interesting)
In my case, it really was the ads just getting too annoying. I never used to block ads when they were just a .gif banner at the top of the site, or a static image in the sidebar. Popups began the annoyance, and I blocked them but not ads in general for a while. I think it was X10 and their pop-under ads that provoked me into using a general ad blocker.
Re:Welcome to why I run an adblocker (Score:5, Interesting)
For many years I used no-script instead of an ad-blocker, which almost amounted to the same thing, as the most obnoxious or dangerous ads rely on scripting. The difference is that the modern web utterly breaks without scripting, and it was just too much of a pain in the ass to try to figure out what to whitelist when sites are often pulling from many dozens of different domains for various javascript pieces, services, or what have you. So, I uninstalled no-script and installed ublock-origin instead, because nowadays, I figure most malware I'd see would be from ads.
We see from this that the ad networks still don't have malware under control, so I won't disable ad-blocking. That's essentially like asking me to disable my firewall or anti-virus to read an article - it will never happen, ever, unless I'm using a browser inside a disposable virtual machine image or something equally safe.
Until we get a mechanism to ensure that advertisers can't run arbitrary scripting, launch Flash or Java, or provide their own arbitrary content, I'll continue to block ads purely for safety reasons. Even static images or multimedia has proven to be dangerous, as the recent stagefright debacle on Android has shown. Honestly, most normal ads don't bother me all that much, and I'm aware they pay for a lot of content. But I'm not going to be lowering my shields to read your article, sorry. There's just too much malware out there today, and a lot of it is REALLY bad. My personal safety comes first.
Way out of control. Far worse than people say. (Score:5, Interesting)
It amazes me that, when I go to the Ally Bank web site to see my accounts summary at the following URL, Ghostery says "Ghostery found 8 trackers":
https://securebanking.ally.com/#/accounts/summary
The Ally Bank URL contains the words "secure banking"!
Here are the trackers:
Advertising.com
Google DoubleClick Floodlight
Google DoubleClick Spotlight
Google Dynamic Remarketing
MediaMath Advertising
Omniture (Adobe Analytics)
Qualtrics
RUN (https://match.rundsp.com/)
There is nothing "secure" about notifying other companies that I am looking at a summary of my bank accounts!
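One way to reproduce this kind of count without an extension is to inventory the third-party hosts a page's markup pulls in. The following is an added example, not part of the original comment; the page HTML, the host names and the two-label `siteOf` shortcut (a stand-in for a public-suffix lookup) are assumptions.

```javascript
// Constructed sample: markup of a hypothetical account-summary page.
const PAGE_URL = "https://secure.bank.example/accounts/summary";
const PAGE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.bank.example/vendor.js"></script>
<script src="https://tags.adtracker-one.example/t.js"></script>
<script src='//metrics.analytics-two.example/collect.js'></script>
</head><body>
<img src="https://pixel.adtracker-one.example/p.gif?page=accounts" width="1" height="1">
<iframe src="https://survey.feedback-three.example/widget"></iframe>
<img src="/img/logo.png">
</body></html>`;

// Assumption: the "site" is the last two host labels. A real audit would use
// the Public Suffix List so that hosts under e.g. co.uk are grouped correctly.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Returns one entry per third-party host referenced by script/img/iframe tags.
// runsInPageOrigin is true when the host supplies a <script>: that code executes
// with the privileges of the embedding page, not of the host it was fetched from.
function thirdPartyInventory(html, pageUrl) {
  const page = new URL(pageUrl);
  const firstParty = siteOf(page.hostname);
  // Regex extraction is enough for this constructed sample; it is not a full HTML parser.
  const tagRe = /<(script|img|iframe)\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\2/gi;
  const byHost = new Map();
  for (const m of html.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    const url = new URL(m[3], page); // resolves relative and protocol-relative URLs
    if (siteOf(url.hostname) === firstParty) continue;
    if (!byHost.has(url.hostname)) byHost.set(url.hostname, new Set());
    byHost.get(url.hostname).add(tag);
  }
  return [...byHost.entries()]
    .map(([host, tags]) => ({
      host,
      tags: [...tags].sort(),
      runsInPageOrigin: tags.has("script"),
    }))
    .sort((a, b) => a.host.localeCompare(b.host));
}

// Hosts whose code can read the page's DOM, i.e. the account summary itself.
function hostsRunningInPageOrigin(html, pageUrl) {
  return thirdPartyInventory(html, pageUrl)
    .filter((e) => e.runsInPageOrigin)
    .map((e) => e.host);
}

for (const e of thirdPartyInventory(PAGE_HTML, PAGE_URL)) {
  console.log(e.host, e.tags.join("+"), e.runsInPageOrigin ? "RUNS IN PAGE" : "isolated/passive");
}
```

Static markup only shows the first hop; tags that inject further tags at run time need a network capture to enumerate.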
Re: (Score:2)
I don't really like their articles very much, but I'm lazy and I click on TFA's links simply because it's what slashdot serves for dinner.
(Re)?Dear Slashdot (Score:4, Interesting)
Re: (Score:3, Funny)
It's an ex girlfriend you hook up with again.
Re: (Score:2)
A redear is what you get when Dr Frankenstein and roadkill get together.
Re: (Score:2)
What's a redear?
It's the opposite of a wrytur with bad smelling.
Re: (Score:2)
Rudolph the red-nosed red ear?
Re: (Score:2)
time to remind people to wear appropriate headgear. With 30 below zero windchill your ears can get red in no time.
Let's see how the Cold Avenger Expedition balaclava goes.
What the F is Redears? (Score:3, Insightful)
Re: (Score:3)
Man this place going to the dumps...
Slashdot---going to the dumps since 1997.
Get a grip. I've been here well over a decade now and people have ALWAYS been complaining about typos in the summary, dups and other such things.
Yet Slashdot continuously links to Forbes (Score:4, Insightful)
Matter of fact they do it in the story just below this one
http://politics.slashdot.org/s... [slashdot.org]
Seriously I know for some reason they have a relentless need to plug Ask Ethan but seriously could they at least do it by posting a link to an archive site. Archive.is comes to mind as a good alternative to links to Forbes
Re: (Score:3)
Forbes is a famous news source catering to rich conservatives. It features mostly business news, and political news with an economic or business bent.
Similar to Wall Street Journal, or Fortune magazine.
The stories on Forbes are often biased. Readers should take that with a grain of salt.
Re: (Score:2)
Well I guess it has overlap with rich conservatives who work in IT but I'm not sure the relevance to a tech forum.
Content from one domain (Score:5, Informative)
Prove you're not inflating view/click counts (Score:2)
Say you run a site that serves ads on your own domain. Now someone wants to advertise on your site but wants accurate reach metrics. How are you going to convince an advertiser that you are providing view counts and click counts that aren't inflated?
Re: (Score:3)
Advertisers choose the Internet over radio and TV in part because the Internet gives more detailed reach statistics than radio and TV.
Re: (Score:3)
Like other solutions, this one is temporary at best. Sites are already starting to serve third-party ads from their own sites. They'll get better at it with time, until self-hosted ads will be as obnoxious as the third-party ads are now. Many sites have already succeeded in reaching this goal.
Re:Content from one domain (Score:5, Insightful)
If web sites allow advertisers to run scripts from the main domain, then these ad scripts will get access to everything, login cookies and all.
Web sites allow advertisers to run scripts from the main domain. Advertisers don't want to.
The reason is that advertisers don't trust the content providers. They need the end user to connect to the advertiser directly to verify that there is a legit access and not just the content provider trying to fake accesses.
When a content provider asks you to trust them and disable ad-block, remember that there is no trust between the advertiser and the content provider.
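The cookie exposure this comment describes can be modelled in a few lines. The sketch below is an added example, not code from the thread or from any site named in it; the hosts, cookie names and the `cookiesExposedToAd` helper are constructed, and the cookie objects use the field layout of a cookie-editor export (domain, hostOnly, httpOnly, path, secure).

```javascript
// Constructed cookie jar for a hypothetical publisher and ad network.
const JAR = [
  { name: "session_id",  value: "s3cr3t", domain: ".news.example",    hostOnly: false, path: "/",      secure: true,  httpOnly: true  },
  { name: "login_token", value: "abc123", domain: "www.news.example", hostOnly: true,  path: "/",      secure: true,  httpOnly: false },
  { name: "prefs",       value: "dark",   domain: ".news.example",    hostOnly: false, path: "/",      secure: false, httpOnly: false },
  { name: "admin_csrf",  value: "zzz",    domain: "www.news.example", hostOnly: true,  path: "/admin", secure: true,  httpOnly: false },
  { name: "ad_uid",      value: "u-42",   domain: ".adnet.example",   hostOnly: false, path: "/",      secure: false, httpOnly: false },
];
const PAGE = "https://www.news.example/article/1";
const AD_FRAME = "https://frames.adnet.example/slot";

// RFC 6265 domain-match: exact host for host-only cookies, suffix match otherwise.
function domainMatches(host, cookie) {
  const d = cookie.domain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return cookie.hostOnly ? h === d : h === d || h.endsWith("." + d);
}

// RFC 6265 path-match: cookie path must be a prefix ending on a "/" boundary.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Names of the cookies that script in a document at documentUrl would see in
// document.cookie. HttpOnly cookies are still sent with requests but are
// hidden from script, which is why they are filtered out here.
function readableByScript(jar, documentUrl) {
  const u = new URL(documentUrl);
  return jar
    .filter((c) =>
      domainMatches(u.hostname, c) &&
      pathMatches(u.pathname, c.path) &&
      (!c.secure || u.protocol === "https:") &&
      !c.httpOnly)
    .map((c) => c.name)
    .sort();
}

// What an ad can read depends on the document it executes in, not on the
// host its file was downloaded from.
function cookiesExposedToAd(jar, placement, pageUrl, adFrameUrl) {
  switch (placement) {
    case "script": // <script> in the publisher's page, inline or via src=
      return readableByScript(jar, pageUrl);
    case "iframe": // <iframe src=adFrameUrl> on the ad network's own origin
      return readableByScript(jar, adFrameUrl);
    case "sandboxed-iframe": // sandbox without allow-same-origin: opaque origin,
      return [];             // document.cookie access throws SecurityError
    default:
      throw new Error("unknown placement: " + placement);
  }
}

for (const p of ["script", "iframe", "sandboxed-iframe"]) {
  console.log(p.padEnd(17), cookiesExposedToAd(JAR, p, PAGE, AD_FRAME));
}
```

In this model only the HttpOnly session cookie survives an ad script placed in the page itself; moving the ad into a cross-origin frame removes the publisher's cookies from its view entirely.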
we all get what most of us deserve (Score:5, Insightful)
There was a time before advertising infested the internet. Then the first ads started to appear, and many of us warned, "If you support those sites, soon the whole place is going to go to shit. The internet will turn into a clusterfuck of excessive commercialization, fake reviews, astroturfing, and meaningless click-bait content designed to sell eyeballs to advertisers". But did people listen? No, because there were dancing monkeys.
When javascript-infested sites first started appearing, many of us warned, "Are you people fucking insane? Giving random sites the ability to run imperfectly sandboxed code on your computer is going to be a disaster. It'll result in horrifically annoying behavior like pop-unders, unclosable windows, auto-playing audio, and most likely malware. It'll result in behavioral tracking on a scale you can't imagine. It'll result in wholesale transfer of control away from the owner of each computer, to ad companies. Is that what you fools WANT?"
But did people listen? No. Like mice hooked on opiates they pushed the lever again and again for the next hit, without considering the long term ramifications, until it's become hard for most people to use the web without javascript, because we let it become so ubiquitous that nothing fucking works without it. We were too stupid to say "no" when the camel's nose first entered the tent. Now, here's the camel!
The same WILL happen with sites that refuse to serve content if you block ads. A few of us see where that road goes and will say "no thanks", but most of us are far too stupid. The end result will be a web completely unusable if you don't want to let the ad-men control your computer. The end result is TV 2.0, rather than what the internet used to be: a democratic medium where everyone had a voice. It's a wholesale transfer of control from everyone, to a few.
We all get what most of us deserve. Unfortunately, most of us are drooling mouth-breathers.
Re:we all get what most of us deserve (Score:5, Insightful)
You present it as though there were a choice. As internet access spread beyond a small number of geeks (and people started to buy stuff via the internet) then adverts began to appear in earnest and what you describe is more or less inevitable. Telling people (at least the non-tech "general public") not to use sites that have advertising is akin to telling them not to use the web at all. When a platform becomes as widely used and powerful as the web then it inevitably becomes of interest to the rich and powerful who wish to control it. This is what is happening to the web and it will continue to happen. That's not "our" fault, it's just how things are.
I think the internet will remain a medium for making your voice heard--anyone can start a website, for instance--but we will increasingly give up control to use it. This has been happening continuously. e.g. who bothers to make a website to put up family photos and so forth for their relatives? Nobody really. It's all on the Facebook private sub-internet.
Re:we all get what most of us deserve (Score:4, Insightful)
And yet, none of that is as bad as video. Simple text, something you could read in five or ten seconds yourself, now has to be packed into a video that takes five minutes to play. That's not advertising you can simply blacklist. It's the content you want, packed in a format that's almost useless for quick viewing or for viewing on a slow connection.
There's another camel sticking his nose into the tent. Don't let it enter. Say no to videos of people just reading text.
Fuck off, Forbes (Score:5, Informative)
I've rarely seen a website so encumbered with shit, like Forbes'. Not only should one not stop using ad-blockers when visiting them, one should simply never visit Forbes at all. Add it to the list of blocked sites.
Re:Fuck off, Forbes (Score:5, Interesting)
The most ridiculous ones are showing up on youtube. I have twice seen non-skippable ads show before videos that are movie previews. As in, have to watch the ads before you can see the ads.
Re: (Score:3)
Culpable? (Score:2)
I wonder if them asking you to turn off your adblocker and then serving you malware (an acknowledged reason people use adblockers to avoid) makes them at least partly culpable for any resulting infection?
If not then next time I see one of these notices I will drop them an email with my Terms Of Servicing for them to agree to before I disable my malware protector (adblocker).
Slashdot (Score:5, Insightful)
Adblock plus is telling me it's blocked 13 ads on this page and that's with the excellent karma opt-out.
Re: (Score:3, Funny)
193 huh? Sounds like you picked up some kind of malware which injects ads into websites. Perhaps you picked it up at Forbes?
And guess where the very next /. story links to? (Score:2)
And it was with no sense of irony that I report the very next Slashdot story, about the North Korean Nuke, links to Forbes' story that asks me to what? Disable my Ad Blocker.
Perhaps one thing sites like Slashdot can do about websites that encourage people to disable their adblockers is to not link to them? Maybe?
Hahahahahaha (Score:4, Interesting)
Now stop linking to Forbes, slashdot. Archive.is if you need to. That website has been a steaming pile of shit since they started demanding what you think and see, of course they think nothing of demanding what your computer processes and does. They are tyrants, STOP LINKING FORBES
Try uBlock (Score:2)
Re:Try uBlock (Score:5, Insightful)
> People who scream that they should be able to use ad blockers because they don't want to see ads sound like self-entitled jerks.
I don't give a fuck what name you call me, I'm not watching your fucking ads. Go to hell.
Re:Try uBlock (Score:5, Insightful)
No one is obligated to prop up your artificial scarcity dependent business model. Your rights end where others' systems begin. If you don't like it, put your site behind a paywall and find out what it's really worth to most people.
Txn fees too high for pay per page (Score:2)
A paywall could be practical if it were possible to pay per page. But right now it's not because the credit card networks charge a swipe fee far too large for that to be practical. Even Bitcoin imposes a transaction fee of 0.0001 BTC (about 4.5 cents) payable to the miner who verifies your block.
Having to subscribe to 10 different sites (Score:3)
Next to nobody is willing to pay for a whole month just to read one article found through a search engine or through a citation shared by a friend. Imagine having to do this to read one article from each of ten different publications in a month.[1]
[1] "Adblockers say, 'Find a better business model.' But can you really?" [blockadblock.com] posted on 2015-10-12
Now you want to take us back to dead trees (Score:3)
It's the same as with dead tree magazines - if you don't pay for it then that magazine is dead.
Which means the majority of articles would be dead to the majority of people, as the majority of people would not have the resources to maintain a subscription to the majority of periodicals, including the effort to obtain back issues. How does it benefit the public to make the majority of articles dead to the majority of people?
Editorial echo chamber (Score:3)
One side effect of moving to closed access, where articles are spread out across several publications each with its own monthly or annual subscription, is that it'll become cost prohibitive for an individual to sample the viewpoints of several different publications. This means people will end up sucked into the echo chamber of one single publication's editorial bias.
Article author is actively responding (Score:2)
Your content is not worth it. (Score:5, Insightful)
Whenever I encounter a page that requires me to turn off adblock: I close the site.
Re: (Score:2)
Closing the site is fine, but it would be better to simply read their content. The technical workarounds should get easier as sites fight this losing battle- they'll invest more and more into garbage that can be fixed easily on clientside.
But just leaving the shitsites alone is also fine.
Re: (Score:3)
It shouldn't be a difficult matter for some one or two to author a Google AdBlock-Block Filter plug-in that removes search results that you can't (by choice and sanity) actually view, once enough demand exists.
I'm entirely in favour of this demand existing.
Stop linking to Forbes (Score:5, Interesting)
I went ahead and went to the Forbes site (which it says I'm "still" using an adblocker, in the same sense that I'm "still" a carbon based life form), and then I went and grabbed one of the scripts that they serve on the main page in lieu of fucking content.
Here's a link: I originally put a TINY amount of it here, but it was SO shitty that even after cutting it down it would just ruin you.
view-source:http://i.forbesimg.com/welcomead/scripts/12662fd2.vendor.js
Just go read that script. It might make you cry.
blah blah blah just megabytes of this shitscript to push through an article that maxes out at a kilobyte. It's fucking ludicrous.
And that's without all the ads (which are meant to own your head, and of course maliciously own your computer, and DO YOU THINK THEY ARE LIABLE FOR SERVING ADS THAT TURN YOUR MACHINE INTO A RUSSIAN SERVER?)
Stop. Linking. Forbes.
It's a pile of shit website. If you must, EACH link should go through archive.is or some other service to neuter the malware and bullshit. Stop enabling these fucks. If you need to serve megabytes of malware and bullshit just to put text on the screen, drink bleach kthx
Fuck Forbes (Score:5, Interesting)
Which exploit? (Score:2)
Is it known how the exploit worked?
Did it depend on Flash, or on a specific browser and OS?
Re: (Score:2)
The exploit is social engineering. First they shame you into turning off your adblocker ("You're STILL using an adblocker, please enjoy our ad-light experience!"), and then, once you are fooled, they shove the malware in.
As to which exact drive by download exploit the malware used- who cares? They will never be fixed, scripts are fundamentally broken.
Re:What isn't broken? (Score:5, Informative)
> Then what means of deploying an application across platforms isn't fundamentally broken?
The part where you deploy an application. That part is broken.
Did you follow the link to your spreadsheet? Or was it to a news article? There's an application you have for "display a news article". It's a browser running HTML with no scripting enabled. That displays text just fine- it's the only fucking purpose.
The reason scripts are FUNDAMENTALLY broken is that they are code. The fact that they are code that is treated by browsers as if they are just part of the browsing experience is ludicrous. If you want to use like Google Docs, that's a pretty good time to need code, so if you click through some script-enable dialogs, or honestly even a UAC in Windows for that, that could be reasonable. If the majority of browsers in the world just download and execute code, you are asking for exactly the security shitstorm we constantly and ceaselessly see. Running javascript is AS RISKY as running raw opcodes, because at any given day since Javascript's release, there's been multiple exploits to turn the javascript straight into those opcodes. The fact that the world is full of fools who think you need a webapp to display a news story is hideous.
Spell Check Is Your Friend (Score:2)
"Forbes Asks Redears To Disable Adblock..."
(sigh)
Oh wait, is "Redears" the name of some guy that uses Adblock?
The solution is cookie editing (Score:2)
Reddit has a solution that is reasonably easy to google:
https://www.reddit.com/r/Adblo... [reddit.com]
These instructions are for Chrome. The only thing you need (besides an adblocker!) is a cookie editor that can import JSON. For Chrome, EditThisCookie works.
Here's the cookies:
[ { "domain": ".forbes.com", "hostOnly": false, "httpOnly": false, "name": "dailyWelcomeCookie", "path": "/", "secure": false, "session": false, "storeId": "0", "value": "true", "id": 3 }, { "domain": ".forbes.com", "hostOnly": false, "httpOnly"
Re: (Score:2)
By the way, if anyone wants to throw in a link to a working cookie editor in Firefox that would be pretty sweet. "Edit Cookies" looks abandoned and useless, and "Cookie Manager+" (I merged the names in my OP) seems hard to use- it's supposed to be like, hamburger -> wrench -> Manage Cookies, but it's not there for me.
Not a problem for me...? (Score:2)
I'm using Adblock and I can read all the articles on Forbes without any problem. (??)
Easy fix (Score:2)
My response when I first ran into this a couple of weeks ago: "Fuck you Forbes. Bye."
There is nothing on their site that can't be had elsewhere, there is nothing special about them at all.
If it is true that they really are serving up malware, then perhaps the resulting lawsuits and bad reputation will take them down.
Re: (Score:2)
No, it's a shell game. They'll never get caught.
See, Forbes says "Oh, we send all the advertisements to these third party networks, of which ONE was bad. We're following best practices, can't sue us!"
Then you find the network that served the shit ads, and they have some excuse about a contractor. "We're following best practices, can't sue us!"
The contractor has an excuse, if you can even find him, if he's even a person instead of some bot-generated identity. Can't sue what doesn't legally exist!
This is
Primed? Likely? (Score:5, Informative)
Interesting claims. Visitors were "immediately served with pop-under malware", although there is only one citation given, which is a link to a picture (presumably a screenshot) on @bbaskin's private Twitter account, which can only be seen by a "confirmed follower". Uh, okay. Nonetheless, this malware was "primed" to infect their computers and "likely" to do a lot of horrible stuff. Having run out of conjectures (let alone facts) about Forbes by the third paragraph, the rest of the article is padded out by a list of past incidents involving DailyMotion and MSN, followed by some bloviating which even Bennett Haselton [slashdot.org] might be ashamed of.
I'm totally sure that this isn't just attention-whoring from a litigious sex columnist [wikipedia.org] who, after publishing The Adventurous Couple's Guide to Strap-On Sex and her second edition of The Ultimate Guide to Cunnilingus, apparently ran out of ideas and re-styled herself a computer security journalist.
Yes, I know malware is served through advertising, but this article is about a specific claim of Forbes being used as an injection vector with literally nothing backing it up. Also, let me note that there's nothing wrong with being a sex columnist. I just don't think that automatically means you should write about computer security.
Re: (Score:3)
It *might* be a hatchet job. But remember, malicious code is not written by script kiddies- it frequently tries to detect what it is running on, and ONLY sends the payload if it passes a whole bunch of checks. It wants to put off landing on the desk of a security researcher as long as possible. So someone being lucky enough to find the malware, but being unable to repro, is not exactly uncommon these days.
Maybe we should stop downloading and running code when we want to read a news article?
From my cold, dead hard drive... (Score:4, Funny)
Okay, I DO understand the point that content producers make that it cuts into their revenue. And I DO believe they should be paid for their labors.
But that doesn't mean I'm going to work a second job just to turn the proceeds over to them.
Malvertising is a ubiquitous, ongoing problem. And I'm not exposing any systems I have control over to that. Because the amount of work it takes to clean up from that sort of infection is VERY non-trivial. And if it causes me to lose data on a business machine? Oh HELL no!
Current internet advertising is a dirty, disease-ridden whore, and ad blockers are condoms.
Easily Solved (Score:3)
Also, for what it's worth, the MOAB hosts based ad blocker doesn't seem to trigger their advertising popup. Though if you're running a hosts based ad blocker, you could just add their site to it, and that'd solve your little Forbes problem, too.
Re: (Score:3)
Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)
Then Forbes will serve you the full page, even if you're using Adblock. Lots of other sites will serve you their full page, instead of just an introductory paragraph, then begging you to sign-up or sign-in.
This is EXACTLY the kind of thing Google tells webmasters they are not allowed to do... Serving up different content for its bot, than other users. Why they
Change useragent to Googlebot to read Forbes w/ AB (Score:4, Interesting)
They are of course reliant on Google page rank so the Googlebot gets special treatment.
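An added example, not part of the thread or any site's code: the two comments above describe sites that trust the `User-Agent` header alone, which any client can set. A site that wants to treat Googlebot specially can check the claim with the reverse-then-forward DNS lookup Google documents for its crawlers. The function names, the sample DNS records and the documentation-range IP addresses are constructed for illustration.

```python
import socket

# Domains Google documents for reverse-DNS verification of Googlebot.
GOOGLE_CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")


def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(hostname):
    """A/AAAA lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()


def classify_request(user_agent, ip, reverse=system_reverse, forward=system_forward):
    """Return 'not-claimed', 'verified' or 'spoofed' for one request."""
    if "googlebot" not in user_agent.lower():
        return "not-claimed"
    hostname = reverse(ip)
    if not hostname:
        return "spoofed"
    hostname = hostname.rstrip(".").lower()
    if not hostname.endswith(GOOGLE_CRAWLER_SUFFIXES):
        return "spoofed"
    # Forward-confirm: whoever controls the PTR record can write any name in it.
    return "verified" if ip in forward(hostname) else "spoofed"


# Constructed sample data (documentation-range IPs, made-up DNS records).
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "host7.isp.example",
    "203.0.113.5": "crawl-1.googlebot.com",  # PTR set by an impostor
}
SAMPLE_A = {
    "crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
    "crawl-1.googlebot.com": {"192.0.2.99"},
}
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)"


def classify_sample(user_agent, ip):
    """Classify against the constructed records above, with no network access."""
    return classify_request(user_agent, ip, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
```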
Dear Adblock-blockers (Score:3)
I can survive without you. Can you without me?
Oh, you cannot survive with me blocking your ads? Ok. Accepted. Die.
Re:And that's why... (Score:5, Insightful)
because it's a big and trusted name
And trying hard to rectify that...
Donation-supported public benefit corp (Score:2)
And the elsewhere site is going to somehow support itself without any revenue from ads? How?
By being a public benefit corporation and accepting donations from its readers. One example of a public benefit corporation is SoylentNews, and that's where a lot of us will end up should Slashdice go full betard or put up anti-adblock measures.
Re: (Score:2)
Re: (Score:3)
For Forbes you'll need a cookie editor. I tested it with uBlock Origin, but I suspect it will work fine with hosts solutions, including APK's. The two weaknesses of APK's host engines are: a hosts solution currently has reasonably easy workarounds if an advertiser wants to fight (and they do; advertisers are just like spammers, and they deleted Usenet and almost ruined email), and I'm pretty sure the Host Engine is not multiplatform.
I could be wrong about the second one, and the first one isn't *really*
Re: (Score:3)
Yes, anything is possible, just as it is possible the sun will go supernova tomorrow and destroy the earth... or the planet will get hit by an untracked meteor; or how about the nemesis theory?
This is a prime example of someone who gets their computer taken over by a botnet... doesn't care, doesn't even look. Just merrily goes about their life oblivious while their computer is used for nefarious purposes, like serving malware to other idiots.
Re: (Score:3)
Yep. Do not feel bad about blocking all ads. Until the ads are no longer laced with malware, feel good about blocking every bit of that crap.
Boo hoo website admin... You don't deserve any ad revenue if you are using DoubleClick or other ad serving companies. You want ad supported revenue, then get off your lazy asses and get your advertisers yourself and host your ads locally.