Why, the heck, does Google allow an ad to show a domain/URL that the advertiser does not control, while letting the ad actually link to another domain. What kind of twisted advertising process logic conspired to overrule the security review on this? agora.echelon.pl/objects/310d887d-e111-48a4-9331-bc9e6b8cdd3b
RE: agora.echelon.pl/objects/310d887d-e111-48a4-9331-bc9e6b8cdd3b
=> More informations about this toot | More toots from tilde@infosec.town
@tilde like allowing the link to be under the same eTLD+1 would seem… fine. but a totally different eTLD+1?!
=> More informations about this toot | More toots from gsnedders@glauca.space
@tilde may also just be a bug; twitter had one of those for years now (but they, despite this one reporting it, did not ever properly fix the underlying issue). it is pretty easy to prevent this so google definitely fucked up here, but it may just be a zeroday burnt to get more folks infected
=> More informations about this toot | More toots from lexi@catcatnya.com
@lexi It would be, uh, quite a bug? This isn't some weird corner case or something which only happens when you're manually juggling memory addresses, you know? It feels like a pretty big deal.
=> More informations about this toot | More toots from tilde@infosec.town This content has been proxied by September (ba2dc).Proxy Information
text/gemini