Interesting new way for an attacker to monetize based on XSS Browser History Attacks. (Jeremiah’s hack with java or RSnake’s hack without java).
This holiday season might be the right time to have that little talk with mom and dad about practicing ‘safe-browsing’
Sounds like contextual advertising based upon reviewing cookies stolen from your browser… well- just read this snippet from their Terms and Conditions page
(creative spelling and grammatical goodness preserved for all intents and purposes)
“2.d. Wozad Matching Ads are choosed as a result of your each visitor browsing history, you are the sole responsable for informing and let your visitors agree that their browsing history will be analyzed for targeting purposes. You are also the sole responsable about any privacy-issue that may arise between you, your site, Wozad and/or Wozad Advertisers, and a third party (visitor).”
Before I give you the site, let me remind you that you really need to be running FireFox with something like NoScript <http://noscript.net> and it better be on and blocking….
www <dot> wozad <dot> com
Through a hack, maybe you don’t need referral networks to glue together contextual based ads. Maybe you don’t really need privacy… and they don’t need ethics…
I saw this on one of my RSS feeds, but I had to offer this up if you hadn’t seen it. The post was only the URL. Have fun, safe browsing!