IAB SafeFrame


Last week I had the opportunity to present a relatively new IAB standard on a local ad industry event in Germany, the Admanagerforum (More: http://www.admanagerforum.de/). It’s a technology I highly anticipated and supported at Yahoo, the company I work for before it was even submitted to the IAB. I certified rich media vendors for it and made sure it rolled out properly across Yahoo sites in Europe and Middle East (EMEA). Some peopele say that too specific standards kill innovation in the online industry but in my opinion it’s the cure to many problems in online advertising. From security, ad fraud, code quality to billing and discrepancies. SafeFrame is an important step ahead in improving ad code quality in rich media ad tags, improving security for publisher sites and it provides the ability for billing based on viewable impressions too (finally accredited by the MRC). Ad fraud is something that’s more difficult in a SafeFrame environment as well. About half of the audience in the summit has been on DFP and Google recently implemented support for this in GPT so the feedback and interest was better than I expected. Approximately one third of the audience indicated interest in learning more about the topic later.

Enjoy this great infographic from the IAB website (http://www.iab.net/safeframe) and listen to my colleague Sean Snider, the software architectect who mainly developed SafeFrame at Yahoo and James Deaker explaining the viewablity aspect. My presentation in German is available here via OneDrive: http://1drv.ms/1CCLwcs


Webseclab Web Security Scanner



My colleague Dmitry opensourced Webseclab yesterday at FOSDEM in Brussels [1] – https://github.com/yahoo/webseclab – a sample set of tests for web security scanners, and a toolkit (or mini-mini-framework) to easily create or modify such tests or demos.  Take it for a test drive – it should be easy to install (using Go – need to set GOPATH environment variable to some directory like $HOME or $HOME/go):

go install github.com/yahoo/webseclab/...

Godoc: http://godoc.org/github.com/yahoo/webseclab

[1] https://fosdem.org/2015/schedule/event/go_web_security_scanner/




Really funny what came out about GhostNet & the Dalai Lama now – full story: http://www.readwriteweb.com/archives/ghostnet_turning_computers_into_giant_bugs.php – it seems the Chinese hackers are really taking their job seriously – the bad thing is that the public is not aware of it! According to iDefense Labs http://labs.idefense.com/ there is a clear connection between the Chinese army and hacker groups since many years.

I’m 100% sure the cyberwar is going in multiple directions: China <-> USA <-> Europe – I remember when MicroSoft started “turning off” illegal Windows copies in China for one day – so there IS a backdoor in Windows. Encrypted files in Windows? Not a problem, it’s very well known that the NSA has the master-key. I think it’s very dangerous what these Chinese Hackers do – especially because they think it’s right. Dedicated site about “Red Hackers”: http://www.thedarkvisitor.com/