undefined | Better HN

0 pointsdwild6y ago0 comments

> to regain control of your browser is to either reboot the iPad (that's what many normal people do) or you force-close Safari...

That's seems more like a browser issue, but none the less, any links on Hacker News could do the same.

I don't consider that malware to have to close an application, just like I don't consider a malware a link that rick roll me (which still force me to close a tab ;) unless I want to stay on Youtube).

> That's not what happens.

Aren't we talking about running malicious JS? Any link you click can contains malicious JS, yet you click on that link without thinking about it, but when it's an ad that may contains malicious JS, you block it altogether.

I don't understands really what you means by not what happens.

> Maybe you should contemplate the possibility that you're wrong.

I contemplate each time I'm discussing with someone about it. I still haven't got any evidence about it.

Each time I ask someone that does it for "security purpose", when they don't answer by "do your own research" (which I always try when they say that even if it's absurd to have nothing to defends yourself), the best example they always have is either link to some report with stats that doesn't define malware, or the Forbes case of when one of their ad was a fake Java update. If that's malware, then here we go, HN now serve malware too: Click on that URL to update Java: https://forbes.com

If we were arguing blocking Javascript for security purpose, now that does make sense (still pretty unlikely, but based on news, it seems to happen much more).

0 comments

Tomte6y ago

With ad networks you didn't click on some shady link. You just get the malware Javascript served. Without clicking or visiting anything shady. Reputable sites deliver malware through their embedding of ads.

That's not theoretical (like your "but HN could deliver malware, too), that's reality.

dwildOP6y ago

> You just get the malware Javascript served.

Which happens on any link you click on Reddit, Hacker News or Facebook. Unless you don't click on them and only visit website that you consider trustworthy, you get the exact same risk. Actually even if you may feel that a link is trustworthy, it doesn't even means it actually is, like it happened for the past Firefox 0-day exploit. This guy nearly got it by trusting that [0].

[0] https://robertheaton.com/2019/06/24/i-was-7-words-away-from-...

> That's not theoretical (like your "but HN could deliver malware, too), that's reality.

My textual example was to discredit the Forbe example. I have an hard time understanding your point about it being theoretical. Are you actually refering to my other example about links from HN that could contains malicious Javascript? That's to know if you check links or you click on them arbitrarily with all the risk that come with it.

My point is that malicious Javascript is extremely rare and when it does happen, it's targeted and doesn't use ad network. Theses vulnerabilities are gold mine and it makes no sense to put it on an ad network and hope that you'll get enough out of it before it get caught and removed/fixed. Selling it to the highest bidder or targeting a specific group of people make much more sense.

If you have any example of where an actual malware was spread using ads, I would be happy to learn about it.

I'm also curious to know if you block Javascript and if you do, why do you block ads on top of that?

Tomte6y ago

> If you have any example of where an actual malware was spread using ads, I would be happy to learn about it.

I just gave you a first-hand account of exactly that happening, and you keep dismissing that, claiming that it does not happen.

If you don't believe me, google for it. There have been plenty of articles about ad networks as malware services.

I find your behaviour here very dishonest, and for me it's EOD.

2 more replies

j / k navigate · click thread line to collapse

0 pointsdwild6y ago0 comments

> to regain control of your browser is to either reboot the iPad (that's what many normal people do) or you force-close Safari...

That's seems more like a browser issue, but none the less, any links on Hacker News could do the same.

I don't consider that malware to have to close an application, just like I don't consider a malware a link that rick roll me (which still force me to close a tab ;) unless I want to stay on Youtube).

> That's not what happens.

I don't understands really what you means by not what happens.

> Maybe you should contemplate the possibility that you're wrong.

I contemplate each time I'm discussing with someone about it. I still haven't got any evidence about it.

If we were arguing blocking Javascript for security purpose, now that does make sense (still pretty unlikely, but based on news, it seems to happen much more).

0 comments

Tomte6y ago

That's not theoretical (like your "but HN could deliver malware, too), that's reality.

dwildOP6y ago

> You just get the malware Javascript served.

[0] https://robertheaton.com/2019/06/24/i-was-7-words-away-from-...

> That's not theoretical (like your "but HN could deliver malware, too), that's reality.

If you have any example of where an actual malware was spread using ads, I would be happy to learn about it.

I'm also curious to know if you block Javascript and if you do, why do you block ads on top of that?

Tomte6y ago

> If you have any example of where an actual malware was spread using ads, I would be happy to learn about it.

I just gave you a first-hand account of exactly that happening, and you keep dismissing that, claiming that it does not happen.

If you don't believe me, google for it. There have been plenty of articles about ad networks as malware services.

I find your behaviour here very dishonest, and for me it's EOD.

2 more replies

j / k navigate · click thread line to collapse