Spotify apologises for tainted ad kerfuffle Spotify has promised to review its security following an attack that exposed users of the free version of its music streaming service to malware on Thursday. Tainted ads displayed to music fans served up content from sites that used the Blackhole Exploit Kit in an attempt to infect users with the Windows Recovery fake anti- …
Don't allow any non HTML content for the Crapverts, no Adobe Crash player, no Javascript, no irritating flashing moving crap, no cross site content. If your product is too shit for people to want it or your ad agency too retarded to produce a decent ad using just HTML the problem is not the lack of animated crapware.
I use Spotify occasionally, but only in a browser and only with NoScript and Adblock blocking most of the crap. If you want users to trust your application then you need to distributed an application rather than a security vulnerability package dressed up as an app. Get rid of the crap or end up like the AIM client. I wouldn't run their app in a disposable VM.
Don't serve third-party ads. Having no advertisements at all would be ideal, but many web sites depend on them as their only source of revenue. So turn them into first-party ads by getting the ad content, running it through a malware scanner or three, and host them on the site itself. In addition to blocking poisoned ads, this would get rid of ad network tracking, and allow highly-targeted advertising (e.g., on social networks) without sharing personal information with other companies. Everyone wins.
as oppposed to a statement like, ' if you had a decent malware checker, you would have been fine...'
If you open the security hole, you have a level of responsibility to get rid of any infections.
Saying 'sorry' doesn't make it OK...
Whilst it would be good (for us and for them) for them to distribute some anti-malware in this situation, if "Third party ads are (usually) served from CDNs" then I think that the responsibility for this snafu lies fairly and squarely with the CDNs.
If they are to be allowed to push ads to thousands or millions of users then they must be made to GUARANTEE the ads they server are malware- and virus-free.
It's not like they are serving millions of different random ads, there would only be a relatively small number saved on their site somewhere, it is just so plainly obvious they should actually scan them to make sure they have no problems.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
