
Revealed: The naughty tricks used by web ads to bypass blockers

Updraft102 Silver badge

Re: TheVogon

I visited several of the sites on the list from the dev of uBlock Origin (and its companion addon to thwart this attack, called uBlock Extra) using Waterfox, and I didn't see any ads on any of them. A couple of them are on my regular reading list, and I had no idea they were supposedly up to such chicanery; it's not showing here.

I use uBlock Origin, but the Extra supplement is only available and necessary on Chrome and derivatives, according to its author, so it appears that FF (and derivatives) already are able to defeat this.

I also use NoScript, but even when I set it to "temporarily allow all," I still saw no ads.

Unless a NoScript user was prepared to block essentially all JS for the site, I don't think NoScript would help, given what has been presented about the way this exploit works. The script that monitors the ads and uses alternative means to download them and inject them into the DOM would have to be served by the first-party domain, or else it could be blocked just as easily as any other ad server domain. The article's statement that third-party cookies will masquerade as first-party also supports this: the first-party server-side script downloads the ads, trackers, and cookies from the third-party servers, encrypts the data stream, then sends it to the script running in the first-party domain's namespace on the client, which decrypts the data and presents it as if it were first-party content.

Nearly every site has a script for the first-party domain, and disabling that one (while possible with NoScript on a per-site basis) is likely to break most sites as completely as simply turning JS off. I don't think NoScript is going to help with this one... but it doesn't seem to matter. FF already handles this content with the regular uBlock adblocker, and the version for Chrome apparently will with the Extra addon (and I would expect the core browser to be modified to block this exploit soon enough, because it IS an exploit, regardless of what the sleazeball ad company may want to call it. If it can be used by them, it can be used by straight-up malware slingers too).
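As an added illustration (not code from the post, from The Register's article, or from the uBlock Origin project), here is a small Python model of why a host-based blocklist misses an ad creative once the site's own server relays it under the first-party origin, and how a check on the creative's content rather than its origin still catches it. All hostnames, the creative bytes, the blocklist and the fingerprint set are constructed for the example; the hash-based content check is one illustrative approach and is not a description of how uBlock Origin or uBlock Extra actually work.

```python
"""
Model of first-party ad relaying versus two blocking strategies.
Every host, payload and fingerprint here is constructed for the example.
"""
import hashlib
from urllib.parse import urlparse

# Constructed host blocklist, standing in for a domain-based filter list.
BLOCKED_HOSTS = {"ads.adnetwork.test", "tracker.cdn-ads.test"}

# Constructed set of fingerprints of creatives seen before (content-based check).
KNOWN_AD_FINGERPRINTS: set[str] = set()


def fingerprint(payload: bytes) -> str:
    """SHA-256 of the raw creative: an identifier independent of the serving host."""
    return hashlib.sha256(payload).hexdigest()


def is_third_party(url: str, page_host: str) -> bool:
    """A request is third-party when its host differs from the page's host."""
    return urlparse(url).hostname != page_host


def request_blocked(url: str, page_host: str) -> bool:
    """Domain-based filtering: block only third-party requests to listed hosts."""
    host = urlparse(url).hostname
    return is_third_party(url, page_host) and host in BLOCKED_HOSTS


def proxy_through_first_party(page_host: str, creative: bytes) -> tuple[str, bytes]:
    """Model of the server-side relay the post describes: the site's own server
    fetches the creative and re-serves it from a first-party path (assumed
    layout). The bytes are unchanged; only the origin the client sees differs."""
    name = fingerprint(creative)[:12]
    return f"https://{page_host}/assets/{name}.bin", creative


def content_flagged(creative: bytes) -> bool:
    """Content-based check: match the creative itself, not where it came from."""
    return fingerprint(creative) in KNOWN_AD_FINGERPRINTS


def evaluate(url: str, page_host: str, creative: bytes) -> dict:
    """Run both checks and report which one (if any) catches the request."""
    return {
        "url": url,
        "third_party": is_third_party(url, page_host),
        "domain_blocked": request_blocked(url, page_host),
        "content_flagged": content_flagged(creative),
    }


# Constructed sample: one ad creative, served directly and then relayed.
PAGE_HOST = "news.example.test"
AD_URL = "https://ads.adnetwork.test/creative/123.bin"
AD_CREATIVE = b"<constructed ad creative bytes>"
KNOWN_AD_FINGERPRINTS.add(fingerprint(AD_CREATIVE))


def demo() -> tuple[dict, dict]:
    """Return the evaluation of the direct request and of the relayed one."""
    direct = evaluate(AD_URL, PAGE_HOST, AD_CREATIVE)
    proxied_url, proxied_bytes = proxy_through_first_party(PAGE_HOST, AD_CREATIVE)
    proxied = evaluate(proxied_url, PAGE_HOST, proxied_bytes)
    return direct, proxied


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Running it shows the direct third-party request caught by the host list while the relayed copy passes it (it is first-party from the client's point of view), yet the content check flags both because the creative bytes are identical. In the relay the post describes, the payload is encrypted in transit and decrypted by the page's own script, so a content-based check of this kind would have to run at the point where the decrypted creative is inserted into the DOM, not on the network request.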
