is it an exploit or not ...after all if it walks like etc..

4 comments

Firstly ..Hi ( missed the usual intro threads ..sorry ;-) ..
Secondly ..looking for opinions ..;)
Following the recent experiences of many with some adjusted adsense js code ( supplied by Google ) attempts at triggering downloads of quicktime player updates and acrobat reader etc updates etc in IE 6 and 7 via such gems as ...
"var plugins=new Array("image/svg-xml", "application/x-director", "application/x-shockwave-flash", "audio/x-pn-realaudio-plugin", "video/quicktime", "application/x-mplayer2", "application/pdf"
Should one beleive as Google say that it was all in error and due to "technical issues" ..or might it have been a rather indiscreet attempt at readying everyone for soon to be delivered expanded video content from Google ( one can do many things with js ..some of them good ..some evil ..is an attempting an unasked for download "good" ? )...

or would one term that an attempted "exploit" ?...term usually used for code that attempts to initiate unasked for changes to a users machine, it's programs or it's config in general ..

if it walks like a duck etc etc ..it usually is ( even if it's denied later ..or said to be a technical chicken ..or at best technical foul )..

was it evil ..or just sloppy implemention ..or a bad data.. push ..or did the mask breifly slip just a wee bit more ?

discussion also at WMW here http://www.webmasterworld.com/google_adsense/3043578.htm

Comments

Accidentially on Purpose

There is no way it could not have been. Google are evil, this crap totally proves it.

credit to plumsauce for the code interpretation ;-)

felt I should mention that ..and also Sami for sharp eyes..although the quack was loud and clear , even above the chants of the G fanboys, they were the first to actually identify the apps that Goosgle was calling to in the electronic skies.

a clarification ....

Sami was the one who posted the code snippet. I only looked at it and postulated on it's effect.

The one line:

It wasn't a mistake. It was deliberate.

seems to have galvanized the discussion into one direction.

In a followup, I did point out that while deliberate, in that code does not insert itself, no particular motive was discernable. In my own mind, I was leaning towards the incorporation of additional tracking techniques, additional technical demographics, or additional deals with the various plugin purveyors to help them get onto machines.

It is certain that it does not add to the end user experience. Even *if* all the plugins are present, the launch is going to chew up a bunch of cpu cycles, physical memory and virtual memory. Your 4k page just became bloatware :)

As for the forgiving nature of one particular poster in that thread, I can only say that accident or not, it shows a complete lack of discipline in the code release process that would be unforgivable in companies many times smaller than the big G in terms of revenue and purported coding talent.

There is another thread going on about how difficult it is to reset the IE homepage to something other than the big G on DELL delivered systems. If this extends to corporate systems, it should be fun once discovered by the typical BOFH.

Thanks for that!

This was beginning to do my head-in to the point of running Spybot.

One of the disadvantages of multi-tabbed browsin is it's difficult to know which page has triggered unusual behaviour.

I have to say, I did suspect Google but each time I dismissed the thought. Why? Well that's the power of their brand innit... I should know better after the autolink debacle but it shows the power of trust it holds, if only sub-consciously.

ThePost

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.