Oct 31
After Google lost out last week in it’s bid for a stake in FaceBook, it’s pretty apparent one of the reasons Facebook chose Microsoft instead was that Google is about to unleash a true contender to the stranglehold Facebook has on the social networking world. Later this week Google will announce the OpenSocial API, it’s initiative to break down the walls of social networks exclusivity and open the data up for anyone to use. I can’t comment to too much on how specifically it will work since the details have not emerged, but it’s pretty apparent that the social networking world will now be MySpace, Facebook, and everyone else, with “everyone else” being part of OpenSocial.
Facebook meanwhile is planning on launching it’s own competitor for Google’s AdSense with an upcoming announcement regarding its SocialAds network. SocialAds will work by a cookie Facebook drops in your browser that follows you from site to site, and when you come across a SocialAds supported site, the (encrypted?) data is then sent to Facebook which in turn delivers an ad based on your profile. Interesting concept, but I’m not sure how useful basic profile information will be in tailoring ads towards things I’d like to buy.
The next year should be fun as both companies, with egos like none other, try to out-do the other.
written by Derek
\\ tags: 119, 128, 129, 158, 16, 60, 76
Oct 11
written by Derek
\\ tags: 140, 146, 148, 150, 156, 16, 172, 4, 76, 77
Oct 11
In a logical step, Google has launched a mobile version of it’s ad network AdSense so users can now visit sponsored links on sites they are browsing on their phone. The original incarnation of AdSense uses JavaScript to embed ads in a page, which carries little security risks to the user and the server the page is hosted on. However, because most mobile devices don’t support JavaScript, they had to resort to using servers-side scripting languages (PHP, Perl, ASP, etc..) to embed ads prior to delivering the page to the user. Here’s an example of the PHP version of Mobile AdSense.
<?php
$GLOBALS[’google’][’ad_type’]=’text’;
$GLOBALS[’google’][’channel’]=”;
$GLOBALS[’google’][’client’]=’pub-5039159613133207′;
$GLOBALS[’google’][’format’]=’mobile_single’;
$GLOBALS[’google’][’https’]=$_SERVER[’HTTPS’];
$GLOBALS[’google’][’host’]=$_SERVER[’HTTP_HOST’];
$GLOBALS[’google’][’ip’]=$_SERVER[’REMOTE_ADDR’];
$GLOBALS[’google’][’markup’]=’xhtml’;
$GLOBALS[’google’][’output’]=’xhtml’;
$GLOBALS[’google’][’ref’]=$_SERVER[’HTTP_REFERER’];
$GLOBALS[’google’][’url’]=$_SERVER[’HTTP_HOST’] . $_SERVER[’REQUEST_URI’];
$GLOBALS[’google’][’useragent’]=$_SERVER[’HTTP_USER_AGENT’];
require(’http://pagead2.googlesyndication.com/pagead/show_ads.php’);
?>
While Google’s motto is “Do No Evil” and I don’t think they would ever do anything to harm a Mobile AdSense client’s server, using server-side scripting languages presents a massive security hole on most servers. Once I can execute that code on your serer, all bets are off. One could access the database to gain customer information, redirect users to phishing sites, or even just reformat the hard drive just for the hell of it. The best method for hacking a server running Mobile AdSense would be DNS Cache Poisoning.
While I don’t exactly have any solutions on a method to deliver dynamic ads from the AdSense network that doesn’t use JavaScript or a server-side scripting language, I find their approach completely unacceptable from a security perspective and you will find a lot of objection in the enterprise community towards this method.
written by Derek
\\ tags: 135, 16, 76
