Note: This column represents the opinions
of the writer and as such, is not purported as fact
One of the coolest things about the way the web works is that any single
page may actually be composed of bits and pieces delivered by a myriad
of different servers.
Thanks to the power of hypertext linking, and more recently some cool
new D/X/HTML features, a webpage need no longer be a single monolithic
element.
Even when I was running 7am.com, the cornerstone of the services offered
was this ability to insert my own content, served up by my servers,
directly into other people's pages.
Even that long ago however, despite the fact that the Net was a far more
benign environment, I was very much aware of the awesome responsibility
associated with borrowing a little web-page-space from other sites.
The problem is that any service which begs space from the pages of other sites
must be absolutely certain that they manage that space responsibly -- and
this means making sure that there's no way for a malevolent third
party to gain control.
Unfortunately, it seems that the ad-servers of a number of networks may have
been compromised recently and infected such that, for a period of time, they were
delivering malicious code containing the Bofra worm instead of bona fide ad-banners.
Since these advertising networks delivered banners to a much larger number
of other sites, the effects of this infection were greatly magnified.
Even the geek-news site The Register was caught up and became
an unwitting (and unwilling) accomplice
to the events that then transpired.
The Falk AG ad-network seems to be the primary source of the problem and there
must now be some real concern as to the quality of their system admin and
security procedures -- but other reports indicate that they are not the only
ones to have been used in this way.
Firefox advocates are now (quite rightly) crowing over the fact that the exploit
only affected Internet Explorer users -- but it should be pointed out that
those IE users running Windows XP SP2 were also safe from the effects of this infection.
It will probably never be known just how many people have had their machines
affected by this fiasco but I suspect the number will be stunningly high and
further justification for switching away from IE to a smaller target such
as Firefox or Opera.
It's also a good time to reflect on the old adage: "with power comes responsibility" --
a warning that all those who provide remotely served content to a network of
client sites must pay great heed to.
There's little doubt that servers which dish out content directly to the
browsers of websurfers visiting other sites will become increasingly high-value
targets for the armies of crackers who lurk in the darker recesses of the Net.
Unless those servers are locked up like Fort Knox then we will see this
problem again, and perhaps with far more disastrous results.
If you're planning on adding some form of advertising to your own website,
served up by an external network, make sure you get assurances as to the
level of security they offer. Perhaps you could even push them for some
form of insurance or indemnity against losses that might be incurred should
you find that visitors to *your* site have been hit by a similar problem
originating in the ad-network's servers.
But to repeat myself -- right now, Firefox is a much "safer" option than IE
for general websurfing. This may well change as Firefox gains a greater
percentage of the market (making it a larger / more valuable target) but
let's cross that bridge when we come to it.
Until then, IE is the "kick-me" sign of the 21st century.