In association with heise online

19 June 2008, 10:36

Report slams US advert server for "wiretapping, forgery and browser hijacking"


US personalised advert server NebuAd has been accused by lobbying group Free Press of tampering with web traffic and third-party page content, and of illicitly redirecting users' requests.

NebuAd is a US-based ad serving system offering ISPs a service similar to that of Phorm, which has attracted so much recent controversy in the UK. However, it seems that NebuAd has taken intrusiveness to a whole new level. A technical report by Robert M. Topolski describes how NebuAd forges IP packets to inject its own JavaScript into requested pages. This script, which executes in the context of the page the user requested, downloads further JavaScript from a NebuAd-owned domain. That second script then injects several cookies containing a unique user identifier into the user's browser. Apparently, none of this activity is visible to the user.

Topolski points out that to accomplish the injection, NebuAd must necessarily perform deep packet inspection on the traffic between the user and their ISP, impersonate the target IP address, and tamper with the protocol by forging control data. He likens NebuAd's activities to malicious intrusion, identifying similarities with cross-site scripting, man-in-the-middle attacks and browser hijacking. The matter has already been put before the US Congress.

