Trusting Your ISP With Your Clicks

Cyber Security sleuths Dan Kaminsky and Jason Larsen have found significant security vulnerabilities in some affiliations that large ISPs have with ad serving companies. The Washington Post reports on their recent findings:

ISPs like Earthlink, Qwest and Verizon have outsourced at least portions of
their ad-serving technology to BareFruit, a London-based company that
specializes in helping ISPs monetize wayward Web searches. The trouble is that
until late this week, BareFruit's ad servers were vulnerable to what Kaminsky
called a "trivial to find and exploit" vulnerability that would make it simple
for fraudsters to trick users of those ISPs into visiting malicious Web sites
that appear to be located at trusted sites.

More broadly this security issue raises questions about whether thoses with access to our online informaiton and online activity details are protecting us responsibly enough. The US Government, Google, Yahoo, MSN and others collect extensive details about search activity, email content, and more. Even the issue of who owns your data is not resolved to any reasonable degree. The value of this data increases as data mining and advertising targeting techniques improve so the online community is well advised to clarify many of these data ownership and data stewardship issues immediately, because the Pandora's box of personal information opens wider every day.