<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Is Adgregate Insecure?</title>
	<atom:link href="http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html/feed" rel="self" type="application/rss+xml" />
	<link>http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html</link>
	<description>Redfin Corporate Blog</description>
	<lastBuildDate>Fri, 10 Feb 2012 02:35:37 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.1</generator>
	<item>
		<title>By: Matthew Dempsky</title>
		<link>http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html/comment-page-1#comment-5630</link>
		<dc:creator>Matthew Dempsky</dc:creator>
		<pubDate>Sun, 12 Apr 2009 00:49:48 +0000</pubDate>
		<guid isPermaLink="false">http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html#comment-5630</guid>
		<description>As an update to Henry&#039;s last post, their &quot;verification&quot; process is ridiculously insecure.  A coworker of mine first pointed out to me how insecure it was, and for the past week, I&#039;ve been able to break every change they&#039;ve made within half an hour of effort.

I&#039;ve tried emailing them three times now to open a direct means of communication to explain how they can actually do this verification process securely, but they keep ignoring me.  It seems they&#039;re not genuinely interested in protecting their users from phishing attacks.</description>
		<content:encoded><![CDATA[<p>As an update to Henry&#8217;s last post, their &#8220;verification&#8221; process is ridiculously insecure.  A coworker of mine first pointed out to me how insecure it was, and for the past week, I&#8217;ve been able to break every change they&#8217;ve made within half an hour of effort.</p>
<p>I&#8217;ve tried emailing them three times now to open a direct means of communication to explain how they can actually do this verification process securely, but they keep ignoring me.  It seems they&#8217;re not genuinely interested in protecting their users from phishing attacks.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Henry, CEO of Adgregate</title>
		<link>http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html/comment-page-1#comment-5234</link>
		<dc:creator>Henry, CEO of Adgregate</dc:creator>
		<pubDate>Mon, 09 Feb 2009 14:54:29 +0000</pubDate>
		<guid isPermaLink="false">http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html#comment-5234</guid>
		<description>Thanks for your interest in ShopAds. I want to update your readers that each ShopAd now has a unique ID verification which consumers may click on to ‘verify’ it is an authentic ShopAd. The authentication message is hosted on our secure https server, which cannot be duped. To see this work, go to http://www.adgregate.com, click on “Showcase” and roll over any ShopAds icon on the bottom left corner of the ShopAd to validate the ShopAd.</description>
		<content:encoded><![CDATA[<p>Thanks for your interest in ShopAds. I want to update your readers that each ShopAd now has a unique ID verification which consumers may click on to ‘verify’ it is an authentic ShopAd. The authentication message is hosted on our secure https server, which cannot be duped. To see this work, go to <a href="http://www.adgregate.com" rel="nofollow">http://www.adgregate.com</a>, click on “Showcase” and roll over any ShopAds icon on the bottom left corner of the ShopAd to validate the ShopAd.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Henry, CEO of Adgregate</title>
		<link>http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html/comment-page-1#comment-3755</link>
		<dc:creator>Henry, CEO of Adgregate</dc:creator>
		<pubDate>Thu, 11 Sep 2008 14:39:35 +0000</pubDate>
		<guid isPermaLink="false">http://blog.redfin.com/blog/2008/09/is_adgregate_insecure.html#comment-3755</guid>
		<description>very good points by sasha, and all correct of course. while it is true we are securing the transmission of data, there are a number of things mr. evil can still do if they are intent on stealing info from users. our solution has been tested to be a commercially reasonable solution for our major partners who are using it today. and i think our biz model is preconditioned that there is reasonability w/the user/scenario as well.  our model is based on working with trusted advertiser brands and publishers. if a user encounters our ad on a publisher site they don&#039;t trust, or from a merchant they don&#039;t trust, then we believe consumers will not transact in those instances. thus, our ads are overwhelmingly successful when they are distributed in a targeted fashion and not a blind network purchase. to address the potential problem of users still mistaking a copy cat ShopAd for ours, however, we are working on a click thru on the ShopAd which leads the user to a verification on our secure site which will include a unique identifier for each ShopAd. much like the way you click thru a verisign logo today. we will launch this added security feature very soon. for the advertisers and publishers we work with today, this has been a commercially reasonable solution for their customers, and they are seeing positive results (actual product sell thru) because of it. we continue to add to our advertiser base weekly, so stay tuned for more exciting announcements on our end!</description>
		<content:encoded><![CDATA[<p>very good points by sasha, and all correct of course. while it is true we are securing the transmission of data, there are a number of things mr. evil can still do if they are intent on stealing info from users. our solution has been tested to be a commercially reasonable solution for our major partners who are using it today. and i think our biz model is preconditioned that there is reasonability w/the user/scenario as well.  our model is based on working with trusted advertiser brands and publishers. if a user encounters our ad on a publisher site they don&#8217;t trust, or from a merchant they don&#8217;t trust, then we believe consumers will not transact in those instances. thus, our ads are overwhelmingly successful when they are distributed in a targeted fashion and not a blind network purchase. to address the potential problem of users still mistaking a copy cat ShopAd for ours, however, we are working on a click thru on the ShopAd which leads the user to a verification on our secure site which will include a unique identifier for each ShopAd. much like the way you click thru a verisign logo today. we will launch this added security feature very soon. for the advertisers and publishers we work with today, this has been a commercially reasonable solution for their customers, and they are seeing positive results (actual product sell thru) because of it. we continue to add to our advertiser base weekly, so stay tuned for more exciting announcements on our end!</p>
]]></content:encoded>
	</item>
</channel>
</rss>

