SoylentNews is people
SoylentNews
The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list.
On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware "exploit kits," lock up their hard drives in exchange for Bitcoin ransom. The exploit used was a version of hackenfreude.
Forbes has recently taken some flack from Soylent News readers for its heavy-handed approach to ad blockers.
(Score: 1) by mrsam on Monday January 11 2016, @03:13AM
That is not a valid excuse for serving up malware. The buck stops with the web site.
Of course, I bear no illusion that:
1) Someone will sue Forbes, or anyone else for infecting them with malware, and
2) They will win
But if someone is going to get sued, the proper entity to bear the liability would be the primary web site. It is the primary web site that transmitted the link that set off the chain of events that resulted in malware infestation, so they should be held fully liable. If they do, and they wish to take it up and then, in turn, sue their ad provider, that's their business, and their decision to make.
If a defective part in a Honda results in injury, it's going to be Honda that gets sued, and not a third party manufacturer that supplied the part to Honda. Even if it's true that the third party manufacturer delivered parts that failed to meet Honda-specified requirements, and that was the direct cause of the injury, it will still be Honda that gets sued. It is their responsibility to do due diligence and verify the quality of the parts they source from other third parties, and install in their vehicles.
It's certainly possible that an aggressive lawyer, in this hypothetical situation, would sue both Honda and their supplier. But the point is that Honda will always be on the hook. Because they are still responsible for their due diligence, in their cars.
Similarly, it's the primary web site's responsibility and due diligence to ensure that the content they serve directly, to a web browser, does not directly or indirectly attempt to serve malware. If they use a third party provider, it's their due diligence to verify that the third party provider will not do that. How could the primary web site verify that? That shouldn't be anyone's problem other than the primary web site's.
(Score: 2) by BK on Monday January 11 2016, @03:38AM
The reason no-one has been sued for this type of thing yet is that it is really unclear who is responsible. And when it is, the clearly responsible party is out of the jurisdiction of the party harmed. But this case could different. We need a car analogy:
Car accidents happen every day because of bad drivers like you. I say you because my driving is perfect. But sometimes, in dense traffic, a bad driver, allows someone to make a turn across traffic. They wave them in.. "It's OK. I'm stopped. Go ahead." And they pull across your lane and into the next and are immediately involved in an accident. It turns out that the (moronic) person who waves the entering traffic through is responsible for their misadventure. Really. [claimsjournal.com]
So it may be that directing users acting prudently by running an ad blocker, an entity may become liable for the result of following those instructions. But we'd have to feed lawyers to find out.
...but you HAVE heard of me.