Spotify apologises for tainted ad kerfuffle

Spotify has promised to review its security following an attack that exposed users of the free version of its music streaming service to malware on Thursday. Tainted ads displayed to music fans served up content from sites that used the Blackhole Exploit Kit in an attempt to infect users with the Windows Recovery fake anti-virus …

COMMENTS

This topic is closed for new posts.
FAIL

Simple cure for this type of problem

Don't allow any non HTML content for the Crapverts, no Adobe Crash player, no Javascript, no irritating flashing moving crap, no cross site content. If your product is too shit for people to want it or your ad agency too retarded to produce a decent ad using just HTML the problem is not the lack of animated crapware.

I use Spotify occasionally, but only in a browser and only with NoScript and Adblock blocking most of the crap. If you want users to trust your application then you need to distribute an application rather than a security vulnerability package dressed up as an app. Get rid of the crap or end up like the AIM client. I wouldn't run their app in a disposable VM.

0
4
Anonymous Coward

Erm.

How do you use Spotify 'in the browser'? Are you sure you're not thinking of Grooveshark? In any case, I'm sceptical any streaming service would work properly with NoScript; you can barely navigate pages these days without allowing some pointless JavaScript.

4
0

One solution

Don't serve third-party ads. Having no advertisements at all would be ideal, but many web sites depend on them as their only source of revenue. So turn them into first-party ads by getting the ad content, running it through a malware scanner or three, and host them on the site itself. In addition to blocking poisoned ads, this would get rid of ad network tracking, and allow highly-targeted advertising (e.g., on social networks) without sharing personal information with other companies. Everyone wins.

1
0
Bronze badge
FAIL

RE: One solution

Third party ads are (usually) served from CDNs (Crapvertising Delivery Networks) that have large pipes. If those ads were served from YOUR host, then YOU need the bandwidth, and end up paying for it.

2
0
WTF?

adverts are small beans...

...in bandwidth terms when you're a music streaming outfit.

0
0
FAIL

A link to the specific malware removal software would have been nice...

as opposed to a statement like, 'if you had a decent malware checker, you would have been fine...'

If you open the security hole, you have a level of responsibility to get rid of any infections.

Saying 'sorry' doesn't make it OK...

0
0
FAIL

Close

Whilst it would be good (for us and for them) for them to distribute some anti-malware in this situation, if "Third party ads are (usually) served from CDNs" then I think that the responsibility for this snafu lies fairly and squarely with the CDNs.

If they are to be allowed to push ads to thousands or millions of users then they must be made to GUARANTEE the ads they serve are malware- and virus-free.

It's not like they are serving millions of different random ads, there would only be a relatively small number saved on their site somewhere, it is just so plainly obvious they should actually scan them to make sure they have no problems.

2
0

The Cube - Spotify does run in the browser

Thanks for the useless advice, but Spotify can't be run via a browser.

1
0