As you may (or may not) know, I also have a points consulting service, whereby we help people redeem their airline miles. I have several colleagues working with me, and they’re some of the most knowledgeable and passionate people I know in this hobby. During my dad’s round the world surprise birthday trip they offered to step in and help with some guest posts. Thanks to the positive feedback, they’re back with more. This post is from my friend Tiffany, whom you’ve heard from before.
In the past few weeks, you might have noticed people commenting about getting served sketchy pop-ups when they access the site, or click on links in the newsletter. You might even be one of those people.
It’s inexcusable. And we’re really sorry. Especially Ben.
The blog is basically his baby, so having people hijack his site and ruining the experience for y’all is just maddening.
So we’d like to interrupt your regularly-scheduled miles and points party to talk about why this is happening, what is being done about it, and what you can do on your end in the meantime.
Full disclosure: I am not an expert at advertising, malware, technology, or the internet at large. So this is going to be a very simplistic explanation, and if you are an expert in one of the above, please (please!) add your knowledge to the comments.
How does internet display advertising work?
The way I understand it, the majority of the ads you see on the internet, including BoardingArea, are powered by gigantic ad exchanges and servers. Think of like a catalog of potential advertisements in the cloud.
When you load a page that has advertising (so basically the bulk of the internet), the site says “Hey! I need a 350 x 350 ad to display for this user!” and the code from the ad pops into the correct slot.
The problem is that anytime there’s a network of anything, malicious people will try and use it for nefarious purposes. So what’s happening is that in addition to the trillions of billions of good, legitimate advertisers providing ad code to this catalog, there are also some nasty bugs as well. Some of these are so sophisticated they embed themselves like parasites into good ads, and are able to subvert some of the security checks.
Of course, the ad agencies and the people who control the exchanges are really aggressive about trying to keep the bad code out. Their reputation and income depends on it! Unfortunately, the more robust the security measures, the craftier the malware writers have to be, and you basically end up with the internet-equivalent of penicillin-resistant bacteria.
And the current malware ads are incredibly hard to root out, apparently. These aren’t like the email viruses from the days of Juno and NetZero accounts — you don’t necessarily have to click on these ads in order for their malicious code to be passed to your machine.
It’s a real problem.
See, what happens is that you visit a site, and are somehow infected with this yucky code. It doesn’t necessarily have to be an *ahem* disreputable site either — AOL, The Huffington Post, LA Weekly, and other major sites have all been impacted by this problem recently.
What’s worse, you might not even know you’ve been infected!
Part of what makes these attacks so difficult is that they don’t instantly (necessarily) start wreaking havoc on your internet experience. Instead they install a little beacon on your computer, or in your browser.
That is bad enough, but what this beacon seems to do is send out a “signal” to other bad ad codes. So each time you load a site with advertising, rather than the site just saying “Hey! I need a 350 x 350 ad to display for this user!” there’s another ping saying “WOOOT! PARENTS ARE OUT OF TOWN AND JOE BROUGHT A KEG!!!!!”
That’s cute, but how do I actually learn more about this?
Here’s an (really long, and informative, but not all that interesting) interview that explains in more detail:
Okaaaaay, so what can be done here?
Well, I don’t really know.
The main problem is that this isn’t happening to anyone at BoardingArea, and it’s harder to troubleshoot when you aren’t experiencing something directly. They’ve assured us that they’re making a concentrated effort, are working with the ad agencies and servers, etc., but there’s only so much that can be done, apparently. They’re good people, so I’m inclined to believe they’re trying their best, and they understand this is an untenable situation for everyone.
In the meantime, if you are one of the people receiving pop-ups, having your browser hi-jacked, or are otherwise running into issues, you should probably sweep for malware on your machine.
I have a couple of references here, but if anyone has tools they’ve used or better recommendations, please share!
- Remove unwanted adware that displays pop-up ads and graphics on your Mac
- Remove software that affects Chrome (Windows only)
- Pop-ups, redirects, and other malware
- Troubleshoot Firefox issues caused by malware
That’s not a comprehensive list, but should get you started, hopefully.
Again, we’re really sorry.
Of course, knowing that everyone feels badly doesn’t actually solve the problem of you not being able to read the blog in peace.
We don’t want to minimize that at all, and can do nothing but apologize profusely.
Is anyone an expert in this space? Any other tips?
Update: Boarding Area has issued the following statement:
We are aware that a small minority of users have had experience with potential security vulnerabilities when accessing Boarding Area websites and blogs. We have done complete scans of our systems and can verify that our network and our servers are secure and free from any security vulnerabilities. However, we do rely on a third party for some assets on the sites. We are constantly monitoring and reviewing those assets to ensure the quality of the content provided to us and are doing what we can to try to make sure these assets are clean of those security vulnerabilities as well. We’ll keep monitoring both ourselves and others to try to deliver a safe experience for all users.
If you have had an experience with security vulnerabilities on our websites, we apologize. We want our readers to know that we care and are doing what we can to resolve the issue.