BenAnderson.net

a window into my world.
 
 

Fair Eagle taking over the world? ISPs being compromised or just cheap?

by Benjamin Anderson 12. June 2007 20:59

Updated July 25th, 2007

I've noticed something recently; there has been an overwhelming number of Fair Eagle ads showing up all over the place.  This occurs on my Mac and my PC and after investigating the issue further I've found that the ads are being appended to all .com domain HTML requests.  It appears that this is the result of a proof of concept from an advertising agency which will append the JavaScript for the advertising to every .com site's HTML.

The code is on every website from penny-arcade to apple.com, but it doesn't always show the ads.

image

This really frustrates me, and to an extent is a violation of our contracts with the ISPs.

It’s a possibility that the proof of concept uses an exploit for firewalls or other networking equipment, but I just feel violated.


I’ll post more when we find it.

Here is the JavaScript being appended to the HTML files:
<script language="JavaScript">
nebuad_c="P10025";
nebuad_d="00000046";
nebuad_u="3464188158";
nebuad_v="1.2";
nebuad_ts="1182529944";
nebuad_g="6286";
nebuad_p="aHR0cDovL3d3dy5tc24uY29tLw==";
</script>
<script language="JavaScript" src="http://a.faireagle.com/a?t=s&c=P10025&d=00000046&u=3464188158&v=1.2&ts=1182529944&g=6286&p=aHR0cDovL3d3dy5tc24uY29tLw=="></script>

 

Update: It turns out this a is a hardware solution for ISPs to make backend revenue.  Apparently the money you pay for their service isn’t enough.  This is the case for both personal and business customers of Redmoon in DFW.

More info can be found here:
http://jaiku.com/channel/twit/presence/4880265

Update 2: They have turned the ad injection off.  As to whether or not the hardware is still sitting on their network and sniffing out data, I don’t know, but the ads are gone.  Either way this has left a bad taste in my mouth and I plan to switch providers.

Update 3 (July 25th): The University of Washington security and privacy research group and ICSI have created a measurement infrastructure to help answer these questions. By visiting their web page, you are helping out with our experiment. http://vancouver.cs.washington.edu/

Update 4 (July 16, 2008): http://arstechnica.com/news.ars/post/20080715-congress-goes-after-nebuad-again.html

Tags: , , ,

Categories: mental dump | webhosting

Permalink | Comments (4) | Post RSSRSS comment feed

Comments (4) -

12/9/2008 8:04:36 AM #

The original comments and post can be found here: www.benanderson.net/.../weblog.php?id=D20070622

Benjamin United States

12/21/2008 7:59:18 AM #

I used to see these Fair Eagle ads too. I definitely thought they were a violation of my rights too.

Speed Dating United States

1/6/2009 4:41:56 AM #

I cant believe they can do that for all .com domains - so unethical.

London Tours United Kingdom

2/22/2009 3:33:40 PM #

What is this? I had the same fair eagles. Is it spam? My spybot didnt detect it or adaware. How do we ditch this problem?

Regards,
Linda

Auto Insurance United States

Sponser

I review for BookSneeze

About the author

Benjamin is a software developer in the DFW area.  He spends his free time playing video games, programming, doing graphics design and photography, and reading.

Month List

Page List

    Widget BookShelf not found.

    The file '/Blog/widgets/BookShelf/widget.ascx' does not exist.X

    Categories

    Tags

    © 2005-2008 Benjamin Anderson. All rights reserved. Powered by BlogEngine.NET 2.5.0.6