More details on the Bofra Incident

Nov 21st, 2004

Comments: 0
Category: Web Security

More details on the Bofra Incident

Bofra exploit hits our ad serving supplier | The Register
While I’m not sure if this is the “major UK Site” referred to in the previous posting, there’s some information about a compromise of one of the registers advert suppliers in the story above..
It’s really quite a cunning plan by whoever carried it out, as they’ve realised that you only need to compromise one set of servers (the advertising company) in order to potentially infect many of their clients…..
One thought that occurs to me from this is that you have to wonder whether sites should be taking steps to validate adverts and any other 3rd party content which is provided by frames on their site….. (heck imagine if someone managed to compromise the servers which provide those advertising boxes provided by search engine companies!!!)

Add a comment

Your email address will not be shared or published. Required fields are marked *