18. December 2013

Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1

The current versions of the popular ad server software OpenX Source (2.8.11) and Revive Adserver (3.0.1) are vulnerable a sql injection attack which allows attackers to gain backend access. The vulnerability is actively being exploited.

The OpenX team has been informed. For Revive, I submitted a pull request with a fix.

Since Revive Adserver is the official successor to OpenX Source, I assume that there will not be an updated version of OpenX Source (after all, there wasn’t one for the last vulnerability). I have created a set of patched files which fix the vulnearbility in OpenX 2.8.11: openx-2.8.11-sql-injection-patch.zip. To patch Revive Adserver, use the files from revive-3.0.1-sql-injection-patch.zip.

I recommend applying the patches immediately, since the vulnerability is actively being exploited and has been for some time now.

Update 19.12.: The revive team confirmed the vulnerability and is working on a fixed version.
Update 20.12.: The Revive team released Revive Adserver 3.0.2 which fixes the vulnerability. If possible, I recommend to update to this version as soon as possible (including users of OpenX). Thanks a lot to the team for the quick reaction!
The Revive team also suggest a quicker temporary fix for people who cannot update right away: Remove “www/delivery/axmlrpc.php” if you do not need xmlrpc delivery (most setups use different delivery methods).
Update 3.2.2014: Removing axmlrpc.php alone does not seem to be enough to fully protect an installation. dxmlrpc.php should be removed as well. Many thanks to Péter Veres for the discovery!

By the way

If you are managing an OpenX Source or Revive Adserver installation, take a look at the OpenX Maintenance Checklist or Revive Adserver Maintenance Checklist. It helps you keeping track of frequent maintenance tasks and security checks. If you sign up for an account at Checkpanel (not required) you can easily manage this checklist. You can see when you last checked each item, set reminders, work in teams and more. Checkpanel is not limited to OpenX/Revive checklists – it helps you managing all kinds of recurring tasks (see some other samples and features).

(This article is also available in German)

11. December 2007

Eyebox – Eyetracking Outside of the Usability Lab


Usually, eyetracking technology (tracking where people are looking at) is only found within usability labs. The technology requires expensive hardware and has to be calibrated before each use. Usually the tracking only works over short distances (from user to screen).

A little different are things with the eyebox2 by xuuk. This little device claims to track people’s gazes over a distance of up to 10 meters in every day situations.

It is targeted at advertisers who can track how many people are looking at their billboard ads. Some are already dreaming about new business models which charge money per view – you only pay for ads that are really being looked at. For the time being this is still advertiser’s utopia, though.

I can imagine some potential uses besides advertisement. Interactive installations could react on the user’s line of sight. It is probably a weird feeling if you direct your sight at a wall and everywhere where you look there is something happening, but nowhere else. :)

Unfortunately, the eyebox2 is still to expensive for such experiments. According to Newsweek it currently costs about 1500 Dollars. The developers hope to push the price down to 100 Dollars in the middle term.

» xuuk eyebox2

(via Kreativrauschen.de via Feng-GUI)

24. November 2007

Interactive Storefront – Peeking at Women in Elle Macpherson Intimates Underwear

Interactive Shop Window Advertising

The Digitalist created an interesting ad for Elle Macpherson Intimates (apparently an underwear brand). They placed a huuuge display in a shop window which shows only the brand name on black background by default. As soon as someone moves in front of the window, this visitor’s silhouette opens a view behind the black – onto videos of sparely dressed women. It is like an inverted shadow with smear effect. :)

You can see it in this video:

» read on!

Powered by WordPress

Subscribe to RSS Feed