http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit/ Information Security Think Tank Fri, 21 Nov 2008 22:01:45 +0000 http://wordpress.org/?v=2.6.3 http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit/#comment-33582 Ad Jacking XSSing for Fun and Profit — Search engine Google Tricks and Google Help Tue, 03 Jul 2007 16:12:58 +0000 http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit#comment-33582 [...] and punish click fraud offenders. I believe Ads are also moving away for PPC schemes source: Ad Jacking XSSing for Fun and Profit, GNUCITIZEN | [...] [...] and punish click fraud offenders. I believe Ads are also moving away for PPC schemes source: Ad Jacking XSSing for Fun and Profit, GNUCITIZEN | [...]

]]> http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit/#comment-33158 David Kierznowski Sun, 01 Jul 2007 09:34:58 +0000 http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit#comment-33158 pdp, thanks for the comment. I was thinking how future spyware might utilise attacks along these lines. Definately an area for progressive badness :) pdp, thanks for the comment. I was thinking how future spyware might utilise attacks along these lines. Definately an area for progressive badness :)

]]> http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit/#comment-33151 pdp Sun, 01 Jul 2007 08:47:19 +0000 http://www.gnucitizen.org/blog/ad-jacking-xssing-for-fun-and-profit#comment-33151 I agree. The further we go the more we are going to see stuff along these lines. Usually, there is no profit from attacking the user directly. I mean, what's the worse thing that can happen? Maybe steal their account and probably find some sensitive information. Although, sure, this is not a good thing, it usually involves a lot of effort mainly because the attacker needs to look for this information and then find a way to use it. Unless the attacker is really dedicated they wont do it. They need a framework. Ad programs have already this framework. All attackers need to do is start using it and eventually abusing it. Ad-Jacking is definitely here to come. I agree. The further we go the more we are going to see stuff along these lines. Usually, there is no profit from attacking the user directly. I mean, what’s the worse thing that can happen? Maybe steal their account and probably find some sensitive information. Although, sure, this is not a good thing, it usually involves a lot of effort mainly because the attacker needs to look for this information and then find a way to use it. Unless the attacker is really dedicated they wont do it. They need a framework. Ad programs have already this framework. All attackers need to do is start using it and eventually abusing it. Ad-Jacking is definitely here to come.

]]>