Comments on: From the floor at RSA: a good-guy rootkit http://lastwatchdog.com/rsa-a-good-guy-rootkit/ on Internet security by Byron Acohido Sat, 19 May 2012 12:59:58 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Somesh Jha http://lastwatchdog.com/rsa-a-good-guy-rootkit/#comment-70 Somesh Jha Thu, 10 Apr 2008 16:38:19 +0000 http://zerodaythreat.com/?p=48#comment-70 Simon, Another thing I wanted to point out. I did not imply any culpability for Google in this matter. In fact, this just a vulnerability in how the web works and nothing to do with Google. In fact this vulnerability can be exploited through any website that displays banner ads, i.e., an attacker can buy banner ads on Bestbuy's website and mount the same attack. In any case, I will definitely post a summary of the aforementioned paper on my blog when it appears. Thanks Somesh Simon,

Another thing I wanted to point out. I did
not imply any culpability for Google in this
matter. In fact, this just a vulnerability in
how the web works and nothing to do with Google.
In fact this vulnerability can be exploited through
any website that displays banner ads, i.e., an
attacker can buy banner ads on Bestbuy’s website
and mount the same attack.

In any case, I will definitely post a summary
of the aforementioned paper on my blog when it appears.

Thanks
Somesh

]]> By: Somesh Jha http://lastwatchdog.com/rsa-a-good-guy-rootkit/#comment-69 Somesh Jha Thu, 10 Apr 2008 16:27:09 +0000 http://zerodaythreat.com/?p=48#comment-69 Simon, My comments are based on a vulnerability based on embedded iFrames. The paper (which has several authors from Google) is going to appear at Usenix Security 2008. The name of the paper is "All Your iFrames point to us". We will have more details when the paper is published. Stay tuned. I will post a summary of the paper when it appears. Needless to say that this a general vulnerability and not just specific to Google. Of course, since Google is publishing about it, they are definitely worried about it.:-) Stay tuned. Somesh Simon,

My comments are based on a vulnerability
based on embedded iFrames. The paper
(which has several authors from Google)
is going to appear at Usenix Security 2008.
The name of the paper is “All Your iFrames point
to us”. We will have more details when the
paper is published. Stay tuned. I will post a
summary of the paper when it appears. Needless
to say that this a general vulnerability and not
just specific to Google. Of course, since Google
is publishing about it, they are definitely worried
about it.:-) Stay tuned.

Somesh

]]> By: Simon http://lastwatchdog.com/rsa-a-good-guy-rootkit/#comment-58 Simon Wed, 09 Apr 2008 03:59:14 +0000 http://zerodaythreat.com/?p=48#comment-58 Can you please explain what you mean by Google banner ads. To my knowledge - Google does not buy or sell banner ads - only adwords. Are you referring to DoubleClick, Google's recent acquisition? Even DoubleClick is only an adserving engine like many others ATLAS DMT, MediaPlex, 24/7 Real Media. To be sure, these services are used by most major publishers to manage adserving on their sites. So the facts are that Advertisers/Marketers buy media on publishers to place their ads. The Publishers use adserving technology to serve these ads. Google can take responsibility of the banner ads as much as Amtrak can of transactions on one of its trains. I really dont care if this post makes it to you blog but please check and let your readers know what Somesh Jha means by Google banners. Can you please explain what you mean by Google banner ads. To my knowledge – Google does not buy or sell banner ads – only adwords. Are you referring to DoubleClick, Google’s recent acquisition? Even DoubleClick is only an adserving engine like many others ATLAS DMT, MediaPlex, 24/7 Real Media. To be sure, these services are used by most major publishers to manage adserving on their sites.

So the facts are that Advertisers/Marketers buy media on publishers to place their ads. The Publishers use adserving technology to serve these ads. Google can take responsibility of the banner ads as much as Amtrak can of transactions on one of its trains.

I really dont care if this post makes it to you blog but please check and let your readers know what Somesh Jha means by Google banners.

]]>