Have you ever used the Mozilla plug-in Firebug and gone to a website like cnn.com, time.com or [ insert your favorite media or news outlet here ] ? It’s amazing how site much content loads from multiple IP addresses that do not belong the the entity you are visiting. Your one page is made up of dozens of different content providers. In the Web Dev world, it’s common practice; and has been for some time now. Many sites are monetized this way and simply provide, plug-in, referrer link or API to advertisement hosting sites as part of their source code. The link then could be to another piece of code that uses Active X in a bad bad way.
The problem comes when site owners blindly slap the code in and do not inspect or sanitize the code for evil. Or a content owner does not protect their site with an Application Firewall. Where does culpability rest if I, as a normal everyday joe, go to a “friendly” site and my computer becomes infected with Locky or some other nastiness? In this example, posted by FireEye, Forbes.com was hosting malware in a bad way. Facebook has hosted links to badness as well.
What legal protections protections do I have as a consumer of Forbes content against their inability to exercise to due care regarding their website? None that I know of. I am not aware of any current Court case that is setting precedent here.
We need laws that protect us here. Make it financially painful for these big companies if they are caught hosting malware, regardless if they get it from being hacked; or if they get it through hosting ads that were hacked. Believe you me, if one big content provider got popped with an enormous fine, others would fall in line and begin to put appropriate practices in place to both sanitize all their code; under stand where their code points and also put up some decent Application Firewall Defense. C’mon Congress!!