Yardley points to a great article on 24/7’s ad network getting hijacked by hackers. What I find interesting about this is how it illustrates that we put lots of things on our sites that don’t belong to us. Advertising networks daisy chain together so the ad you serve may be from a network you don’t contract with. You might invoke web services from companies like Amazon. You may install Google Gadgets. You may pull RSS feeds for syndicated content. There are a million different ways that we give up control of our applications to gain additional functionality.
In many ways, this is reminiscent of a security debate that has gone on for decades. And of course, generally, I fall on the side of “open it up and hope for the best”. Given that, we must be exceptionally tolerant of the occasional security breach that transpires.