The November 2022 issue of IEEE Spectrum is here!

Close bar

Over the weekend, the New York Times Web Site was infiltrated by a hacker that, it said over the weekend,

"who first posed as a legitimate advertiser, then started hitting site visitors with aggressive advertisements that appeared to be warnings about viruses."

In a longer story published by the Times yesterday, it explained that:

"As reports of strange activity came in over the weekend, the technical and advertising staff at The Times began to suspect that a rogue ad had slipped through this way, and they moved to stop displaying such ads, said Diane McNulty, a spokeswoman for the Times Company.

But it now appears that the ad was approved by the site’s advertising operations team, Ms. McNulty said. People visiting nytimes.com continued to complain about the pop-up ads throughout the weekend.

'Our first instinct was that it was a third-party ad network,' said Marc Frons, chief technology officer of the Times Company. 'That is where we looked first and why it took a longer amount of time to shut down. The other issue is that it was sporadic and difficult to reproduce.'

The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.

Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. 'In the future, we will not allow any advertiser to use unfamiliar third-party vendors,' she said."

Oops.

The Times, which says it doesn't know how many readers were affected, appears pretty embarrassed by the whole affair.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
Vertical
A plate of spaghetti made from code
Shira Inbar
DarkBlue1

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less
{"imageShortcodeIds":["31996907"]}