Good morning! In terms of aggregate risk on the web, do you agree ad scripts > "regular" XSS?
Not sure how you can quantify "aggregate risk", but I'd say it's exactly the opposite.
Replying to @arturjanc @johnwilander and
That is, the apps where you keep your data can easily sandbox ads. Can't easily prevent XSS
I don't mean what they can do, I mean what they do do. The aggregate risk out there.
The risk is someone stealing my email/photos/documents. Not a website logging my visit.
You are missing the point. Black hats constantly abuse ad networks.
Loading ad network scripts doesn't have to allow BHs to run JS in your origin (tip: frames)
Again, not talking possibilities. I've worked in media. Ad networks demand control.
Replying to @johnwilander @arturjanc and
In addition, frames can exploit the browser engine inside their sandbox.
Any site you visit can do this - the web is built to let you view arbitrary webpages.