It's not that clever even. It's quite awesome that someone can go in there without any knowledge of the situation and figure this stuff out though. But writing the original code is trivial. The idea seems trivial too. They should have used stenography if they did not.
Yeah, but actually the easier the exploit the more concerning this kind of stuff is. I mean if we can't even trump the easy stuff, how about the more sophisticated attacks?
Well yeah that's the interesting part the exploit is simple, but finding it is difficult. Which is very interesting. It's like the intelligence problem. Where hard stuff is easier than the simple stuff. I guess in the future we will scan for whether the js file is trying to read any other file which should put a stop to this sort of thing.
> These networks aggressively scan advertisers' javascript for suspicious code
How is Javascript that (a) reads parts of a binary file to build a new routine or (b) does silent redirects to TinyUrl NOT suspicious?! What are they looking for in these cases?
5 comments
[ 2.9 ms ] story [ 14.5 ms ] threadHow is Javascript that (a) reads parts of a binary file to build a new routine or (b) does silent redirects to TinyUrl NOT suspicious?! What are they looking for in these cases?