Page 3 of 4

Re: adlog

Posted: Wed Mar 21, 2012 1:07 am
by Tom T.
Guest wrote:sigh...i couldn't care less about cookies,cookie monster,or Request Policy.it was just an example.
if adlog gets through noscript what else could get through?do you understand the risk???(i'm not being mean,or sarcastic either.)
THIS IS A HUGE SECURITY FLAW!!!
That's one example. But OK, I'll change the name, if it makes you a little less upset.

I reproduced your results, as above (perhaps we cross-posted), but you're still trying to use a hammer to turn a screw.
Not a NS issue. If you don't want the proper tools to block those things, don't complain that they're there.

In this case, as I asked Giorgio, it may require a Greasemonkey script.

Or don't patronize such sites. There are alternatives.
Cheers.

Re: adlog

Posted: Wed Mar 21, 2012 1:09 am
by Tom T.
therube wrote:Tom, I've edited any number of times (as I have a habit of doing) so reread my post :-).
I did. And we probably cross-posted, or cross-edited. But I think my post is still OK.

Re: adlog

Posted: Wed Mar 21, 2012 1:11 am
by Tom T.
therube wrote:The ad that you see is generated by cnet itself.
I said that, in so many words, seeing the image source in the source code of the site itself. No third-party calls to do so.

Re: adlog

Posted: Wed Mar 21, 2012 1:26 am
by Guest
Tom.
i was not throwing a tantrum.i was EMPHASIZING what i was saying.(still did not insult you.)
you just don't get it.adlog is a delivery method.which can be further exploited to deliver "anything,& i do mean anything."
if you think it's not a security flaw.okay.
awww,page 3.(i think this is the end for me.)
i no longer care!!!this is my last post.
thank you everybody.bye,bye.

Re: adlog

Posted: Wed Mar 21, 2012 1:27 am
by therube
(Oh, now I'm about to get into trouble ...)

I have Adblock Plus. And with Adblock Plus enabled, I don't see the ad.

Nonetheless, even with Adblock Plus enabled, NoScript does see the com.com domain.

And further, I don't think my filter list has a specific filter to block adlog.com.com or com.com. There are a few xxx.com.com there, but I don't think anything specific to pick up either adlog.com.com or com.com. So that kind of says (to me at least) that there is a more generic rule that is blocking the display of the ad. (I'm not really familiar with ABP, so I'm really surmising on this.)

Not seeing the ad, blocked by ABP, & NoScript seeing the domain, are not mutually exclusive, & are not an indication of anything wrong or not working properly.

(I think.)

Re: adlog

Posted: Wed Mar 21, 2012 1:37 am
by therube
if you think it's not a security flaw.okay.
Now that I (think I am) understanding, I have to agree, it is not a security flaw.
Nothing is getting through. Nothing is getting "injected" into the web page.
The only time it comes into play, in these cases, is if you click on the link.
And NoScript provides a mechanism (ABE) to prevent you from following the link, even if you did click on it.

So if you don't want to see the ad, Adblock Plus can do that.
If you don't want to ever follow an adlog.com.com link, NoScript & ABE can do that.
And I suppose by the same token, the ABE rule would prevent an adlog.com.com ad/link from injecting itself into any web page, assuming it attempted to do so, which is not the case with the cnet links.

(Anyone who actually knows this stuff, feel free to confirm that what I'm saying is correct. Or wrong. :-).)

Re: adlog

Posted: Wed Mar 21, 2012 1:48 am
by therube
(old post)
The com.com domain belongs to CNet, they use it for some of their sites
(ie. if you access www.news.com, you're re-directed to news.com.com)
(not any longer it seems)
adlog.com.com is a sub-domain they use, likely for internally tracking ad hits on their sites (and would be completely separate from adlong.com, which is a different domain).
http://discussions.virtualdr.com/showthread.php?t=158632

Re: adlog

Posted: Wed Mar 21, 2012 1:59 am
by therube
(this is a bit of a mess cause the code fragments were not showing up so had to disable BBCode)


Now let's take a look at the ad I posted on page#1:
[code]
<!-- LINK 1 START style:new -->
<div class="ad LAUNCH_PAD" id="ll_1">
<span class="ll_sponsored">Sponsored</span>
<h5 class="ll_title"><a href="http://adlog.com.com/adlog/c/t=2012.03. ... nosis.html" target="_top">Call iYogi Before You Download</a></h5>
<p class="ll_copy">Call 1-855-886-0852 now, to get your PC checked before you download any software</p>
<a href="http://adlog.com.com/adlog/c/t=2012.03. ... nosis.html" target="_top"><img src="http://i.i.com.com/cnwk.1d/Ads/common/C ... wnload.gif" alt="Call Now" class="icon" border="0" height="11" width="11"></a> <a href="http://adlog.com.com/adlog/c/t=2012.03. ... nosis.html" target="_top" class="ll_underline">Call Now</a><img src="http://adlog.com.com/adlog/i/t=2012.03. ... tclear.gif" alt="" style="position: absolute; top: 0px; left: 0px;" height="0" width="0">
</div>
<!-- LINK 1 END -->
[/code]

This is nothing more than a link. Nothing is being brought in to the cnet site by having the link. They may use it for tracking or whatever, but nothing happens until & unless you click on the link.

[code]
<a href="http://adlog.com.com/adlog/c/t=2012.03. ... .bla...bla
[/code]

Now this is different. This is loading/pulling/bringing in outside content into the cnet page. Turns out it is coming from a com.com domain. But not from adlog.com.com, which is what we've blocked using ABE.

[code]
<img src="http://i.i.com.com/cnwk.1d/Ads/common/C ... wnload.gif"
[/code]

If we modify the ABE block from .adlog.com.com to .com.com (I don't know if that is smart or whatever), then at that point, any content referenced from a com.com domain would be blocked. That would include adlog.com.com & i.i.com.com (& whatever else there may be). This "icon_download.gif" would not load into the page, would not display on the page. (Nor would that zero pixel one found later in the above code block. Now what do they do with a zero pixel "picture"?)

Now even with the ABE rule changed to .com.com, the ad [i]will[/i] still display (though sans the download icon, & possibly other bits). But nothing is being brought in/injected into the web page from .com.com as ABE prevents that.

Re: adlog

Posted: Wed Mar 21, 2012 5:53 am
by Tom T.
therube wrote:
if you think it's not a security flaw.okay.
Now that I (think I am) understanding, I have to agree, it is not a security flaw.
Nothing is getting through. Nothing is getting "injected" into the web page.
The only time it comes into play, in these cases, is if you click on the link.
And NoScript provides a mechanism (ABE) to prevent you from following the link, even if you did click on it.

So if you don't want to see the ad, Adblock Plus can do that.
If you don't want to ever follow an adlog.com.com link, NoScript & ABE can do that.
And I suppose by the same token, the ABE rule would prevent an adlog.com.com ad/link from injecting itself into any web page, assuming it attempted to do so, which is not the case with the cnet links.

(Anyone who actually knows this stuff, feel free to confirm that what I'm saying is correct. Or wrong. :-).)
I *think* I'm getting a pretty good handle on all of this stuff, and agree with each individual statement.

I should have maintained my usual objective demeanor with OP, but as you (and others, including moi) have repeatedly pointed out, adblockers such as ABP can get rid of these for him. But OP was not interested in more add-ons; wanted NS to "do it all". NS is not an ad-blocker. ABP is an ad-blocker. The end.

I do believe you're correct on all, therube.

Re: adlog

Posted: Wed Mar 21, 2012 6:05 am
by Tom T.
Oops, I missed this part of therube's monologue:
(Nor would that zero pixel one found later in the above code block. Now what do they do with a zero pixel "picture"?)
That's the classic "web bug", which Yahoo and others later decided to rename a "web beacon", because it sounds less creepy. (It *is* creepy).

What happens: AdAgency.com inserts the single-pixel (used to be) or zero-pixel (means, even less chance of detection; one could sometimes spot a 1-pixel with a magnifying glass LOL) image, into all cooperating sites.

When you visit SiteX, a call is made to AdAgency.com, to "retrieve" the "image". AdAgency therefore knows that you have visited X. (& presumably, the IP with which you did it).
When you go to Y, the same call is made. Link up the calls from X, Y, Z, A, B, C from your IP, or even browser fingerprint --poof! Your browsing history.

For those who allow this to happen, and don't change IPs and fingerprints, they may have years of history on you.
The tracking bug can be in sub-pages, too, so they know which pages you visited within the site.

One woman sued DoubleClick, formerly the world's largest Internet ad agency before being acquired by Google in 2008, and in the subpoena of records, found that they had the equivalent of 968 single-spaced typewritten pages of info about her browsing habits: which sites, how long, which items browsed, which bought, what color, what size, what (n/m) ...

Simplified explanation, but I think that's pretty much it. Did someone say, "creepy"?

Re: adlog

Posted: Wed Mar 21, 2012 7:40 am
by Giorgio Maone
therube wrote: Now even with the ABE rule changed to .com.com, the ad will still display (though sans the download icon, & possibly other bits). But nothing is being brought in/injected into the web page from .com.com as ABE prevents that.
Sorry, I based my original rule on the fragment posted by Tom T. (which referenced just adlog.com.com like the topic's title), rather than going back to page #1 where therube's breakdown showed also a web beacon from i.com.com.

So the following rule is the takeaway:
Site .com.com
Deny
Of course you'll still see something of the ad, but as therube said it's all on-site HTML (no 3rd party requests) which can do no harm.
Notice also that what ABP does with the aforementioned HTML fragment is just hiding it, but it still gets parsed by the browser.

Guest, is this satisfactory?

Re: adlog

Posted: Wed Mar 21, 2012 8:34 am
by Tom T.
Giorgio Maone wrote:Sorry, I based my original rule on the fragment posted by Tom T. (which referenced just adlog.com.com like the topic's title), rather than going back to page #1 where therube's breakdown showed also a web beacon from i.com.com.
No offense taken, Signore, but that fragment did contain the beacon, IIUC:
<img src="http://adlog.com.com/adlog/i/r=6458&sg= ... 7.35.51/[b]http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0"[/b] alt="" style="position:absolute; top:0px; left:0px" />
Is this not so?

Re: adlog

Posted: Wed Mar 21, 2012 8:48 am
by Giorgio Maone
Tom T. wrote:
Giorgio Maone wrote:Sorry, I based my original rule on the fragment posted by Tom T. (which referenced just adlog.com.com like the topic's title), rather than going back to page #1 where therube's breakdown showed also a web beacon from i.com.com.
No offense taken, Signore, but that fragment did contain the beacon, IIUC:
<img src="http://adlog.com.com/adlog/i/r=6458&sg= ... 7.35.51/[b]http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0"[/b] alt="" style="position:absolute; top:0px; left:0px" />
Is this not so?
No, it's not.
The src attribute in that <img> element (which tells the browser what URL is to be loaded) points to the adlog.com.com domain, thus the ABE rule prevents the image from loading, no matter what the URL's path or query components (which the i.i.com.com URL you outlined is part of) contain.
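
The point made in the post above (the request goes to the host named in src, whatever URL is embedded in its path) together with the zero-pixel "web bug" shape described earlier in the thread, as an added example that is not part of the original posts and not NoScript's own code. `siteMatches` is a simplified model of an ABE `Site` pattern, and the fragment with its `PLACEHOLDER` URL parts is constructed.

```javascript
// Added example: a simplified model, not NoScript's ABE implementation.
// Constructed fragment shaped like the markup quoted in the thread; the
// elided ("...") parts of the real URLs are replaced with PLACEHOLDER.
const FRAGMENT = `
<img src="http://i.i.com.com/cnwk.1d/Ads/common/PLACEHOLDER.gif" height="11" width="11">
<img src="http://adlog.com.com/adlog/i/PLACEHOLDER/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" HEIGHT="0" WIDTH="0" alt="">
<img src="/images/logo.png" height="40" width="120">
`;

// Host the browser actually contacts for a src: only the authority part of
// the URL counts; a second URL embedded in the path or query is just data.
function requestHost(src, pageUrl) {
  return new URL(src, pageUrl).hostname.toLowerCase();
}

// ".com.com" style pattern: the domain itself and every subdomain.
function siteMatches(pattern, host) {
  const p = pattern.toLowerCase();
  if (!p.startsWith(".")) return host === p;
  return host === p.slice(1) || host.endsWith(p);
}

// Read one attribute from a tag's text (case-insensitive, quoted values only).
function attr(tag, name) {
  const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, "i"));
  return m ? m[1] : null;
}

// List every <img>, flagging 0x0 / 1x1 images served from another host
// (the web-bug shape) and whether a Deny rule for `pattern` would cover them.
function auditImages(html, pageUrl, pattern) {
  const pageHost = new URL(pageUrl).hostname;
  return (html.match(/<img\b[^>]*>/gi) || []).map((tag) => {
    const host = requestHost(attr(tag, "src"), pageUrl);
    const dims = [attr(tag, "width"), attr(tag, "height")];
    const tiny = dims.every((d) => d !== null && Number(d) <= 1);
    return { host, beacon: tiny && host !== pageHost, denied: siteMatches(pattern, host) };
  });
}

// The narrower rule covers only the beacon; the broader one also covers i.i.com.com.
console.log(auditImages(FRAGMENT, "http://download.cnet.com/", ".adlog.com.com"));
console.log(auditImages(FRAGMENT, "http://download.cnet.com/", ".com.com"));
```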

Re: adlog

Posted: Wed Mar 21, 2012 8:52 am
by Tom T.
Giorgio Maone wrote:No, it's not.
The src attribute in that <img> element (which tells the browser what URL is to be loaded) points to the adlog.com.com domain, thus the ABE rule prevents the image from loading, no matter what the URL's path or query components (which the i.i.com.com URL you outlined is part of) contain.
Thanks for the clarification. I see the difference now.

Re: adlog

Posted: Wed Mar 21, 2012 11:39 pm
by Guest
Giorgio Maone wrote:Guest, is this satisfactory?
sighhh...i really didn't want to come back here.
Giorgio,i'm only replying because you took the time to deal with me personally.thank you.
no,it's not.it's like putting a band-aid on a stab wound.
how is crippling an annoying ad solves the problem.
how many times must i say this:THE DELIVERY METHOD OF ADLOG BYPASSES EVERYTHING,& THEREFORE IT'S A HUGE SECURITY FLAW.IMAGINE IF IT WAS A DIFFERENT WEBSITE.OOPS,YOUR PC IS DAMAGED/INFECTED.TOO LATE TO MAKE UP AN ABE RULE FOR SOMETHING THAT CAN NOT BE DETECTED,& YOUR PC IS DAMAGED/INFECTED.

mark my words:THIS DELIVERY METHOD WILL BE USED FOR EVIL!!!

i tried before to use:Site .com.com
Deny
it only cripples cnet.you need i.i.com for pictures.
you also need dw.com.com for downloads.go ahead,try to download noscript,flashgot,or anything else for that matter.
download.cnet.com/NoScript/3000-11745_4-10461464.html
download.cnet.com/FlashGot/3000-11745_4-10365965.html

it makes no difference if cnet owns adlog.(i knew that.why did Tom who is obsessed with mvps host,& cookies missed this?me,& him use the exact same host file.which clearly shows that.)
it makes no difference if this is an in house promotion/ad.
i.i.com.com,dw.com.com,or adlog.com.com are irrelevant here!!!
THE DELIVERY METHOD IS A THREAT IN IT SELF.PERIOD!!!

Giorgio,i'm a fan of yours,& your work,but my nerves ended at the end of page one.
please,please,please don't take this as an offense when i no longer reply to you.(i just can't deal with this anymore.)
you are aware of this threat.deal with it,or not.it's not up to me.i don't own noscript.
you are our first,& best line of defense.IT'S UP TO YOU.
thank you very much for everything!!!