[Owasp-board] Banner Ads

Tom Brennan tomb at owasp.org
Tue Jul 20 03:43:56 UTC 2010


Thanks for the barter help Mr. PHP ;)

Kate and the others on this cc: can handle the barter effort, I am off
the grid the rest of the week however you can reach Larry/Jeff at
301-604-4882 to lend a hand they may also be interested in your PHP
abilities for other reasons too..

I will ping you when I return on the 26th.

On Mon, Jul 19, 2010 at 10:31 PM, Hans Zaunere <hans.zaunere at nyphp.com> wrote:
> I could take care of this - no money needed but sponsorship logo works - let
> me know details
>
> Also good timing - we're planning a potentially international conference in
> the fall/winter and want to chat
>
> I could chat tmrw late afternoon or wed as needed
>
> ---
> Hans Zaunere / via PDA
>
>
>
> ----- Reply message -----
> From: "Tom Brennan - OWASP" <tomb at owasp.org>
> Date: Mon, Jul 19, 2010 8:06 pm
> Subject: [Owasp-board] Banner Ads
> To: "Jeff Jeff.Williams at Owasp.Org" <jeff.williams at owasp.org>, "Larry Casey"
> <larry.casey at owasp.org>, "Laurence Casey" <larry.casey at aspectsecurity.com>,
> "'Matt Tesauro'" <matt.tesauro at owasp.org>
> Cc: "OWASP Foundation Board List" <owasp-board at lists.owasp.org>,
> "alison at owasp.org" <alison at owasp.org>, "Hans Zaunere"
> <hans.zaunere at nyphp.com>
>
>
> Hans - got some time for a php fix for owasp ? See below / Let us know how
> much
>
> FYI - hans.zaunere at nyphp.com
>
>
> Semper Fi,
>
> Tom Brennan
> OWASP Foundation Inc.
> Tel: (973)506-9303
>
> -----Original Message-----
> From: "Jeff Williams" <jeff.williams at owasp.org>
> Sender: owasp-board-bounces at lists.owasp.org
> Date: Mon, 19 Jul 2010 17:04:34
> To: 'Laurence Casey'<larry.casey at owasp.org>; Laurence
> Casey<larry.casey at aspectsecurity.com>; 'Matt
> Tesauro'<matt.tesauro at owasp.org>
> Cc: 'OWASP Foundation Board List'<owasp-board at lists.owasp.org>;
> <alison at owasp.org>
> Subject: Re: [Owasp-board] Banner Ads
>
> I agree.  We can't have an open redirect on the main page of OWASP.
>
> --Jeff
>
>
> -----Original Message-----
> From: owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Laurence Casey
> Sent: Monday, July 19, 2010 4:48 PM
> To: Laurence Casey; 'Matt Tesauro'
> Cc: 'OWASP Foundation Board List'; alison at owasp.org
> Subject: Re: [Owasp-board] Banner Ads
>
> Tom,
>
> The ad software still has the bug and will require some assistance from the
> php community to fix it. I think links should be disabled until fixed. The
> problem is simple, but would require a significant change in the
> architecture to fix.
>
> Here is the problem. The software requires the destination address to be
> embedded in the url. Link below.
> http://ads.owasp.org/www/delivery/ck.php?oaparams=2__bannerid=42__zoneid=2__cb=955717f46f__oadest=http%3A%2F%2Fddifrontline.com
>
> We need a php developer to take a look see.
>
> Thanks
>
> --Larry
>
>
> -----Original Message-----
> From: Laurence Casey [mailto:larry.casey at aspectsecurity.com]
> Sent: Friday, July 16, 2010 8:34 AM
> To: Matt Tesauro; Laurence Casey
> Cc: tomb at owasp.org; Kate Hartmann; OWASP Foundation Board List;
> alison at owasp.org
> Subject: RE: [Owasp-board] Banner Ads
>
> Matt,
>
> Thanks for the info. I installed that latest and greatest last night. We are
> using 2.8.5.
>
> --Larry
>
> -----Original Message-----
> From: Matt Tesauro [mailto:matt.tesauro at owasp.org]
> Sent: Thursday, July 15, 2010 11:08 PM
> To: Laurence Casey
> Cc: tomb at owasp.org; Kate Hartmann; 'OWASP Foundation Board List';
> alison at owasp.org; Laurence Casey
> Subject: Re: [Owasp-board] Banner Ads
>
> I'm not sure what version is installed on ads.owasp.org but looking at the
> OpenX site, it would appear the latest addresses known vulnerabilities.  The
> latest is 2.8.5.  However, that's so new the latest release notes are for
> 2.8.4:
> http://www.openx.org/docs/2.8/release-notes/openx-2.8.4
>
> http://www.openx.org/docs/2.8/release-notes/openx-2.8.5 => 404's
>
> Download the latest here:
> http://www.openx.org/en/ad-server/download
>
> According to the latest reports on Secunia, if we run the latest, we're
> patched for all known vulnerabilities:
> http://secunia.com/advisories/product/4585/
>
> There's another vulnerability reported in the OSVDB:
> http://osvdb.org/show/osvdb/64887
>
> According to the posting on bugtraq:
> http://seclists.org/bugtraq/2010/Mar/118
> there's a XSS in banner.swf using the parameter clickTAG.  If this is the
> vulnerability you're referencing, then I didn't find explicit info that this
> was fixed in 2.8.5.
>
> --
> -- Matt Tesauro
> OWASP Board Member
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
> On 7/15/10 9:46 PM, Laurence Casey wrote:
>> At the time, it was better to not allow banners to be clicked since a
>> vulnerability was present. OpenX has released another update that may
>> fix the issue. Can somebody please confirm that this has been
>> fixed? I have enabled the links again for testing.
>>
>> Thanks
>>
>> --Larry
>>
>> -----Original Message-----
>> From: owasp-board-bounces at lists.owasp.org
>> [mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan
>> - OWASP
>> Sent: Thursday, July 15, 2010 8:00 PM
>> To: Kate Hartmann
>> Cc: OWASP Foundation Board List; alison at owasp.org; 'Laurence Casey'
>> Subject: Re: [Owasp-board] Banner Ads
>>
>> This is terrible and egg on our face as an appsec org, the purpose of
>> it is to run ads with links to content and drive advertising.
>>
>>
>> ------Original Message------
>> From: Kate Hartmann
>> To: 'Tom Brennan'
>> Cc: alison at owasp.org
>> Cc: Jeff Jeff.Williams at Owasp.Org
>> Cc: 'Laurence Casey'
>> Subject: RE: Banner Ads
>> Sent: Jul 15, 2010 7:52 PM
>>
>> There is a problem with Open X (the advertising program used to run
>> the ads).  It has been this way for several months, and as far as I
>> know there are not any pending fixes or upgrades.
>>
>> Kate Hartmann
>> OWASP Operations Director
>> 9175 Guilford Road
>> Suite 300
>> Columbia, MD  21046
>>
>> 301-275-9403
>> kate.hartmann at owasp.org
>> Skype:  kate.hartmann1
>>
>>
>> -----Original Message-----
>> From: Tom Brennan [mailto:tomb at owasp.org]
>> Sent: Thursday, July 15, 2010 3:50 PM
>> To: Kate Hartmann
>> Cc: alison at owasp.org
>> Subject: Banner Ads
>>
>> How come the banner ads do not link to the website that they are promoting?
>>
>>
>>
>> Semper Fi,
>>
>> Tom Brennan
>> OWASP Foundation Inc.
>> Tel: (973)506-9303
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>
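
The problem described in the thread is that ck.php redirects to whatever URL arrives in the oadest field. One way to close it, as an added example that is not part of the thread and not OpenX code: treat the destination registered for the banner as authoritative and refuse any click whose oadest differs. The function names, the banner table and the assumed "__" field layout are hypothetical, taken only from the one URL quoted above.

```php
<?php
// Added example, not OpenX code: function names and the banner table are hypothetical.

// Constructed sample data: the landing page registered server-side for each banner.
const REGISTERED_DEST = [42 => 'http://ddifrontline.com'];

// Split an oaparams value shaped like the one quoted in the thread into fields.
// Assumption: fields are joined by "__" and oadest, when present, is the last field.
function parse_oaparams(string $raw): array
{
    $params = [];
    $pos = strpos($raw, '__oadest=');
    if ($pos !== false) {
        $params['oadest'] = substr($raw, $pos + strlen('__oadest='));
        $raw = substr($raw, 0, $pos);
    }
    foreach (explode('__', $raw) as $field) {
        if (strpos($field, '=') === false) {
            continue; // leading token without a key, such as "2"
        }
        [$key, $value] = explode('=', $field, 2);
        $params[$key] = $value;
    }
    return $params;
}

// Return the URL to redirect to, or null when the click must not redirect.
// The registered destination is authoritative; a supplied oadest is accepted
// only when it is exactly the same URL.
function resolve_click(string $rawOaparams): ?string
{
    $p = parse_oaparams($rawOaparams);
    $id = isset($p['bannerid']) && ctype_digit($p['bannerid']) ? (int) $p['bannerid'] : null;
    if ($id === null || !array_key_exists($id, REGISTERED_DEST)) {
        return null; // unknown banner: no redirect at all
    }
    if (isset($p['oadest']) && $p['oadest'] !== REGISTERED_DEST[$id]) {
        return null; // caller-supplied destination differs from the registered one
    }
    return REGISTERED_DEST[$id];
}

// Constructed inputs, already URL-decoded as $_GET would deliver them.
var_dump(resolve_click('2__bannerid=42__zoneid=2__cb=955717f46f__oadest=http://ddifrontline.com'));
var_dump(resolve_click('2__bannerid=42__zoneid=2__cb=955717f46f__oadest=http://other.example'));
var_dump(resolve_click('2__bannerid=42__zoneid=2__cb=955717f46f'));
```

Exact matching is the strictest policy. Where destinations are not stored per banner, signing the banner id and destination with a server-side HMAC when the link is generated and verifying it on click gives the same guarantee.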


