My usual browsers are pretty much locked down all the time, but I dug out IE and looked at some LW pages. Didn’t see any ads, video or not.
I would suspect malware, but it’s also possible that other browser tabs (e.g. Facebook) are playing games...
P.S. Oh, a plug-in I have says there are three “requests” on this page from SpecificMedia (http://specificmedia.com/) and it does seem to specialize in video advertising.
I’m leaning towards it being part of the website. The video doesn’t seem to play very often, but every time the page loads, there is a script tag from “vindicosuite.com” at the bottom, which contains links to specificmedia.com. Both of these domains are related to video advertisement.
To see the tag, I load the page in Chrome, right-click -> Inspect Element, and scroll to the bottom of the HTML view.
I see this both under Firefox on my laptop and Chrome on my office computer; it seems unlikely that they would both have the same malware at the same time.
Um. That doesn’t look nice.
I am also suspicious because the vindicosuite code is very clearly appended to the end of the page, just stuck onto the end. It’s not integrated with the page in any way.
YO, ADMINS!! Are you quite sure lesswrong.com hasn’t been pwned?
I just loaded http://lesswrong.com/ in both my Iceweasel and Chromium (Debian testing), and C-u, C-f ‘suite’, ‘specific’ - I see nothing? Nothing in curl either.
You will not see it with View Source (C-u). Try right-clicking on the page and selecting Inspect Element (in either Firefox or Chrome). (The tag is added by some JavaScript, so it’s only present in the DOM, not in the original source.)
Ok, it seems the culprit is this fragment
Commenting it out will get rid of the vindicosuite stuff. So I guess this is sitemeter.com gone rogue.
Some Googling found at least one other person who noticed the same problem.
There are a few other blogs complaining about this.
AdBlock can handle it with this pattern:
Interesting. I just looked on an entirely different computer and there’s nothing.
Since the connection is http (and not https) I wonder whether there’s some code injection going on...
But on the computer I used during the day there was a call to x.vindicosuite.com with a bunch of parameters. It was at the very end of the page, right before the closing tag.
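Added example, not part of the thread: the View Source versus Inspect Element difference discussed above can be checked mechanically by comparing the script URLs in the HTML as served with the script URLs in the live DOM. The function name, the `.example` hosts and the sample data are constructed for illustration, and treating subdomains of the page host as first-party is a simplifying assumption.

```javascript
// Added example (not from the thread). Reports <script src> URLs that exist in the
// live DOM but not in the HTML as served, i.e. tags inserted by other JavaScript.
function sameSite(host, pageHost) {
  // Assumption: the page host and its subdomains count as first-party.
  return host === pageHost || host.endsWith("." + pageHost);
}

function findInjectedScripts(pageUrl, rawHtml, domScriptSrcs) {
  const pageHost = new URL(pageUrl).hostname;
  // Script URLs visible in the served HTML (what View Source or curl shows).
  const inSource = new Set();
  const re = /<script\b[^>]*?\ssrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(rawHtml)) !== null) {
    try { inSource.add(new URL(m[1], pageUrl).href); } catch (e) { /* malformed src */ }
  }
  const findings = [];
  for (const src of domScriptSrcs) {
    if (!src) continue;                  // inline scripts have an empty src
    let u;
    try { u = new URL(src, pageUrl); } catch (e) { continue; }
    if (inSource.has(u.href)) continue;  // already present in the served HTML
    findings.push({
      src: u.href,
      host: u.hostname,
      thirdParty: !sameSite(u.hostname, pageHost),
    });
  }
  return findings;
}

// Constructed sample: one first-party script, one counter script that is in the
// served HTML, one inline script, and one tag that only exists in the DOM.
const SAMPLE_URL = "http://example.org/";
const SAMPLE_HTML = `<html><body><script src="/static/site.js"></script>
<script type="text/javascript" src="http://counter.example.net/js/counter.js"></script>
</body></html>`;
const SAMPLE_DOM = [
  "http://example.org/static/site.js",
  "http://counter.example.net/js/counter.js",
  "",
  "http://x.adnetwork.example/tag?a=1",
];
console.log(findInjectedScripts(SAMPLE_URL, SAMPLE_HTML, SAMPLE_DOM));

// In a browser console, feed it the real page instead of the sample:
// fetch(location.href).then(r => r.text()).then(html => console.table(
//   findInjectedScripts(location.href, html, [...document.scripts].map(s => s.src))));
```

A script host that shows up here on one machine but not another, over plain http, is consistent with either a rotating third-party include or in-path injection, so compare results across networks before drawing a conclusion.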