Security products are among the most vulnerability-riddled software products

padlock unlocked security hole flaw
var __cs_c1 = 8;
var __cs_c2 = "6035308";
var __cs_c3 = "";
var __cs_c4 = "";
var __cs_c5 = "";
var __cs_c6 = "";
var __cs_c10 = "";
var __cs_c15 = "";
var __cs_params = ["c1=", __cs_c1, "&c2=", __cs_c2, "&c3=",__cs_c3, "&c4=", __cs_c4, "&c5=", __cs_c5, "&c6=", __cs_c6, "&c10=",__cs_c10, "&c15=", __cs_c15].join(”);
document.write(unescape("%3Cscript async src=’" + (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js?" + __cs_params + "’%3E%3C/script%3E"));

(function() {
var ias = document.createElement(‘script’);
ias.src = ‘//pixel.adsafeprotected.com/jload?anId=8879&campId=300×250&pubId=521062496&chanId=21393896&placementId=926546936’;
document.getElementById(‘ias-697162505’).parentNode.appendChild(ias);
})();

<a target="_blank" href="https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv1eUm_rSUbeOiziC4pxgZgNHjuTjIPKIiXraSihm6ZOTMDwXjn_ToQXmFMEdbqo_ozeFdGftPWv50zPXYL4X3QxqfINqbxrWtpgXFCmz_1br8KaOseLq3_ctTAzIMVpq8HUtVvVpPehxswYIrwtQUMiWjWQdmIcvFPn1jJ_SJXY7qQmg9dvgLLqB3mmf4-F3FvVhXe9wYhMlogavSQs3DBXPt8Iq9zUgPxGnlVlXM1bOoMXdwBm3_NqjWrLwRPGcU9ZQzrd6SIVehhPn9CMacvb6ac&sig=Cg0ArKJSzCkHaWLWW4YPEAE&urlfix=1&adurl=https://adfarm.mediaplex.com/ad/nc/28404-228669-19743-0?mpt=1521692146">
<img src="https://adfarm.mediaplex.com/ad/nb/28404-228669-19743-0?mpt=1521692146"
alt="Click Here" border="0">
</a>
(function(){var h=this,aa=function(){},ba=function(a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"array";if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if("[object Window]"==c)return"object";if("[object Array]"==c||"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))return"array";if("[object Function]"==c||"undefined"!=typeof a.call&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==b&&"undefined"==typeof a.call)return"object";return b},k=function(a){return"string"==typeof a},ca=function(a,b,c){return a.call.apply(a.bind,arguments)},da=function(a,b,c){if(!a)throw Error();if(2g?c=a+f+c:(g+=f.length,f=a.indexOf("&",g),c=0<=f?a.substring(0,g)+c+a.substring(f):a.substring(0,g)+c)}return 2E3<c.length?void 0!==d?ga(a,b,d,void 0,e):a:c};var ha=function(){var a=/[&\?#]exk=([^& ]+)/.exec(r.location.href);return a&&2==a.length?a[1]:null};var ia=String.prototype.trim?function(a){return a.trim()}:function(a){return a.replace(/^[\s\xa0]+|[\s\xa0]+$/g,"")},ka=function(a,b){var c=0;a=ia(String(a)).split(".");b=ia(String(b)).split(".");for(var d=Math.max(a.length,b.length),e=0;0==c&&e<d;e++){var f=a[e]||"",g=b[e]||"";do{f=/(\d*)(\D*)(.*)/.exec(f)||["","","",""];g=/(\d*)(\D*)(.*)/.exec(g)||["","","",""];if(0==f[0].length&&0==g[0].length)break;c=ja(0==f[1].length?0:parseInt(f[1],10),0==g[1].length?0:parseInt(g[1],10))||ja(0==f[2].length,0==g[2].length)||ja(f[2],g[2]);f=f[3];g=g[3]}while(0==c)}return c},ja=function(a,b){return ab?1:0};var la=function(a,b,c){if("array"==ba(b))for(var d=0;d<b.length;d++)la(a,String(b[d]),c);else null!=b&&c.push("&",a,""===b?"":"=",encodeURIComponent(String(b)))},ma=function(a,b,c){for(c=c||0;c<b.length;c+=2)la(b[c],b[c+1],a);return a},na=function(a,b){var c=2==arguments.length?ma([a],arguments[1],0):ma([a],arguments,1);if(c[1]){var d=c[0],e=d.indexOf("#");0e?c[1]="?":e==d.length-1&&(c[1]=void 0)}return c.join("")};var oa=function(a){oa[" "](a);return a};oa[" "]=aa;var qa=function(a,b){var c=pa;return Object.prototype.hasOwnProperty.call(c,a)?c[a]:c[a]=b(a)};var ra=function(a,b){for(var c in a)Object.prototype.hasOwnProperty.call(a,c)&&b.call(void 0,a[c],c,a)},ta=function(){var a=sa;if(!a)return"";var b=/.*[&#?]google_debug(=[^&]*)?(&.*)?$/;try{var c=b.exec(decodeURIComponent(a));if(c)return c[1]&&1e)return"";a.c.sort(function(a,b){return a-b});d=null;c="";for(var f=0;f<a.c.length;f++)for(var g=a.c[f],l=a.f[g],m=0;m=n.length){e-=n.length;b+=n;c=a.g;break}else a.l&&(c=e,n[c-1]==a.g&&–c,b+=n.substr(0,c),c=a.g,e=0);d=null==d?g:d}}f="";a.h&&null!=d&&(f=c+a.h+"="+(a.S||d));return b+f+""},Ea=function(a){if(!a.h)return a.o;var b=1,c;for(c in a.f)b=c.length>b?c.length:b;return a.o-a.h.length-b-a.g.length-1},Fa=function(a,b,c,d,e){var f=[];ra(a,function(a,l){(a=Ha(a,b,c,d,e))&&f.push(l+"="+a)});return f.join(b)},Ha=function(a,b,c,d,e){if(null==a)return"";b=b||"&";c=c||",$";"string"==typeof c&&(c=c.split(""));if(a instanceof Array){if(d=d||0,d<c.length){for(var f=[],g=0;ge?encodeURIComponent(Fa(a,b,c,d,e+1)):"…";return encodeURIComponent(String(a))};var Ja=function(a,b,c,d,e){if((d?a.R:Math.random())<(e||a.J))try{var f;c instanceof Ca?f=c:(f=new Ca,ra(c,function(a,b){var c=f,d=c.N++;a=Da(b,a);c.c.push(d);c.f[d]=a}));var g=Ga(f,a.P,a.K,a.O+b+"&");g&&Ia(h,g)}catch(l){}},Ia=function(a,b,c){a.google_image_requests||(a.google_image_requests=[]);var d=a.document.createElement("img");if(c){var e=function(a){c(a);Ba(d,"load",e);Ba(d,"error",e)};Aa(d,"load",e);Aa(d,"error",e)}d.src=b;a.google_image_requests.push(d)};var Ka=function(a,b,c){this.u=a;this.M=b;this.i=c;this.j=null;this.L=this.s;this.A=!1},La=function(a,b,c){this.message=a;this.fileName=b||"";this.lineNumber=c||-1},Na=function(a,b,c){var d;try{d=c()}catch(g){var e=a.i;try{var f=Ma(g),e=a.L.call(a,b,f,void 0,void 0)}catch(l){a.s("pAR",l)}if(!e)throw g;}finally{}return d},v=function(a,b){var c=Oa;return function(){for(var d=[],e=0;e<arguments.length;++e)d[e]=arguments[e];return Na(c,a,function(){return b.apply(void 0,d)})}};Ka.prototype.s=function(a,b,c,d,e){try{var f=e||this.M,g=new Ca;g.l=!0;t(g,1,"context",a);b instanceof La||(b=Ma(b));t(g,2,"msg",b.message.substring(0,512));b.fileName&&t(g,3,"file",b.fileName);0<b.lineNumber&&t(g,4,"line",b.lineNumber.toString());b={};if(this.j)try{this.j(b)}catch(F){}if(d)try{d(b)}catch(F){}d=[b];g.c.push(5);g.f[5]=d;var l;e=h;d=[];var m,n=null;do{b=e;var u;try{var W;if(W=!!b&&null!=b.location.href)b:{try{oa(b.foo);W=!0;break b}catch(F){}W=!1}u=W}catch(F){u=!1}u?(m=b.location.href,n=b.document&&b.document.referrer||null):(m=n,n=null);d.push(new ya(m||""));try{e=b.parent}catch(F){e=null}}while(e&&b!=e);m=0;for(var G=d.length-1;m<=G;++m)d[m].depth=G-m;b=h;if(b.location&&b.location.ancestorOrigins&&b.location.ancestorOrigins.length==d.length-1)for(m=1;m<d.length;++m){var ua=d[m];ua.url||(ua.url=b.location.ancestorOrigins[m-1]||"",ua.m=!0)}for(var va=new ya(h.location.href,!1),wa=d.length-1,G=wa;0c?Math.max(0,a.length+c):c;if(k(a))return k(b)&&1==b.length?a.indexOf(b,c):-1;for(;c<a.length;c++)if(c in a&&a[c]===b)return c;return-1},Ra=Array.prototype.forEach?function(a,b,c){Array.prototype.forEach.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=k(a)?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)},Sa=Array.prototype.map?function(a,b,c){return Array.prototype.map.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=Array(d),f=k(a)?a.split(""):a,g=0;g<d;g++)g in f&&(e[g]=b.call(c,f[g],g,a));return e};var Ta=function(a,b){for(var c in a)b.call(void 0,a[c],c,a)},Ua=function(a,b){return null!==a&&b in a};var w;a:{var Va=h.navigator;if(Va){var Wa=Va.userAgent;if(Wa){w=Wa;break a}}w=""}var x=function(a){return-1!=w.indexOf(a)},Xa=function(a){for(var b=/(\w[\w ]+)\/([^\s]+)\s*(?:\((.*?)\))?/g,c=[],d;d=b.exec(a);)c.push([d[1],d[2],d[3]||void 0]);return c};var Ya=function(){return x("Trident")||x("MSIE")},y=function(){return(x("Chrome")||x("CriOS"))&&!x("Edge")},$a=function(){function a(a){var b;a:{b=d;for(var e=a.length,l=k(a)?a.split(""):a,m=0;mb?null:k(a)?a.charAt(b):a[b]]||""}var b=w;if(Ya())return Za(b);var b=Xa(b),c={};Ra(b,function(a){c[a[0]]=a[1]});var d=fa(Ua,c);return x("Opera")?a(["Version","Opera"]):x("Edge")?a(["Edge"]):y()?a(["Chrome","CriOS"]):(b=b[2])&&b[1]||""},Za=function(a){var b=/rv: *([\d\.]*)/.exec(a);if(b&&b[1])return b[1];var b="",c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),"7.0"==c[1])if(a&&a[1])switch(a[1]){case "4.0":b="8.0";break;case "5.0":b="9.0";break;case "6.0":b="10.0";break;case "7.0":b="11.0"}else b="7.0";else b=c[1];return b};var z=function(){return x("iPhone")&&!x("iPod")&&!x("iPad")};var ab=x("Opera"),A=Ya(),bb=x("Edge"),B=x("Gecko")&&!(-1!=w.toLowerCase().indexOf("webkit")&&!x("Edge"))&&!(x("Trident")||x("MSIE"))&&!x("Edge"),cb=-1!=w.toLowerCase().indexOf("webkit")&&!x("Edge"),db=x("Macintosh"),eb=x("Windows"),fb=x("Android"),gb=z(),hb=x("iPad"),ib=x("iPod"),jb=function(){var a=h.document;return a?a.documentMode:void 0},kb;a:{var lb="",mb=function(){var a=w;if(B)return/rv\:([^\);]+)(\)|;)/.exec(a);if(bb)return/Edge\/([\d\.]+)/.exec(a);if(A)return/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/.exec(a);if(cb)return/WebKit\/(\S+)/.exec(a);if(ab)return/(?:Version)[ \/]?(\S+)/.exec(a)}();mb&&(lb=mb?mb[1]:"");if(A){var nb=jb();if(null!=nb&&nb>parseFloat(lb)){kb=String(nb);break a}}kb=lb}var ob=kb,pa={},C=function(a){return qa(a,function(){return 0<=ka(ob,a)})},pb;var qb=h.document;pb=qb&&A?jb()||("CSS1Compat"==qb.compatMode?parseInt(ob,10):5):void 0;var rb=x("Firefox"),sb=z()||x("iPod"),tb=x("iPad"),ub=x("Android")&&!(y()||x("Firefox")||x("Opera")||x("Silk")),vb=y(),wb=x("Safari")&&!(y()||x("Coast")||x("Opera")||x("Edge")||x("Silk")||x("Android"))&&!(z()||x("iPad")||x("iPod"));h.performance&&h.performance.now&&ea(h.performance.now,h.performance);var D=function(a,b){this.width=a;this.height=b};D.prototype.clone=function(){return new D(this.width,this.height)};D.prototype.ceil=function(){this.width=Math.ceil(this.width);this.height=Math.ceil(this.height);return this};D.prototype.floor=function(){this.width=Math.floor(this.width);this.height=Math.floor(this.height);return this};D.prototype.round=function(){this.width=Math.round(this.width);this.height=Math.round(this.height);return this};D.prototype.scale=function(a,b){this.width*=a;this.height*="number"==typeof b?b:a;return this};!B&&!A||A&&9<=Number(pb)||B&&C("1.9.1");A&&C("9");var E=document,r=window;var xb=null,I=function(a,b){Ia(a,b,void 0)},yb=function(){if(!E.body)return!1;if(!xb){var a=E.createElement("iframe");a.style.display="none";a.id="anonIframe";xb=a;E.body.appendChild(a)}return!0};var Oa;Oa=new Ka(new function(){this.P="http:"===r.location.protocol?"http:":"https:";this.K="pagead2.googlesyndication.com";this.O="/pagead/gen_204?id=";this.J=.01;this.R=Math.random()},"jserror",!0);var J=function(a,b){return v(a.toString(),b)};A&&C("9");!cb||C("528");B&&C("1.9b")||A&&C("8")||ab&&C("9.5")||cb&&C("528");B&&!C("8")||A&&C("9");var zb=0,K={},Bb=function(a){var b=K.imageLoadingEnabled;if(null!=b)a(b);else{var c=!1;Ab(function(b,e){delete K[e];c||(c=!0,null!=K.imageLoadingEnabled||(K.imageLoadingEnabled=b),a(b))})}},Ab=function(a){var b=new Image,c,d=""+zb++;K[d]=b;b.onload=function(){clearTimeout(c);a(!0,d)};c=setTimeout(function(){a(!1,d)},300);b.src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=="},Cb=function(a){if(a){var b=document.createElement("OBJECT");b.data=a;b.width="1";b.height="1";b.style.visibility="hidden";var c=""+zb++;K[c]=b;b.onload=b.onerror=function(){delete K[c]};document.body.appendChild(b)}},Db=function(a){if(a){var b=new Image,c=""+zb++;K[c]=b;b.onload=b.onerror=function(){delete K[c]};b.src=a}},Eb=function(a){a&&Bb(function(b){b?Db(a):Cb(a)})};var Fb={H:"ud=1",G:"ts=0",Y:"sc=1",C:"gz=1",D:"op=1",Z:"efp=1",X:"rda=1",V:"dcl=1",U:"ocy=1",T:"cvh=1",B:"co=1",W:"mlc=1",F:"opp=1"};if(E&&E.URL){var sa=E.URL,Gb=!(sa&&0=b)){var d=0,e=function(){a();d++;dc;){try{if(d.google_osd_static_frame)return d}catch(f){}try{if(d.aswift_0&&(!a||d.aswift_0.google_osd_static_frame))return d.aswift_0}catch(f){}c++;d=b?0<d.location.ancestorOrigins.length&&d.location.origin==d.location.ancestorOrigins[0]?d.parent:null:d!=d.parent?d.parent:null}return null},Ob=function(a,b,c,d,e,f,g){g=g||aa;if(10<Mb)r.clearInterval(N),g();else if(++Mb,r.postMessage&&(b.b||b.a)){if(f=Nb(!0,f)){g={};Jb(b,g);g[0]="goog_request_monitoring";g[6]=a;g[16]=c;d&&d.length&&(g[17]=d.join(","));e&&(g[19]=e);try{var l=Lb(g);f.postMessage(l,"*")}catch(m){}}}else r.clearInterval(N),g()},Pb=function(a){var b=Nb(!1),c=!b;!b&&r&&(b=r.parent);if(b&&b.postMessage)try{b.postMessage(a,"*"),c&&r.postMessage(a,"*")}catch(d){}};var O=!1,Qb=function(a){if(a=a.match(/[\d]+/g))a.length=3};(function(){if(navigator.plugins&&navigator.plugins.length){var a=navigator.plugins["Shockwave Flash"];if(a&&(O=!0,a.description)){Qb(a.description);return}if(navigator.plugins["Shockwave Flash 2.0"]){O=!0;return}}if(navigator.mimeTypes&&navigator.mimeTypes.length&&(a=navigator.mimeTypes["application/x-shockwave-flash"],O=!(!a||!a.enabledPlugin))){Qb(a.enabledPlugin.description);return}try{var b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");O=!0;Qb(b.GetVariable("$version"));return}catch(c){}try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");O=!0;return}catch(c){}try{b=new ActiveXObject("ShockwaveFlash.ShockwaveFlash"),O=!0,Qb(b.GetVariable("$version"))}catch(c){}})();(function(){var a;return eb?(a=/Windows NT ([0-9.]+)/,(a=a.exec(w))?a[1]:"0"):db?(a=/10[_.][0-9_.]+/,(a=a.exec(w))?a[0].replace(/_/g,"."):"10"):fb?(a=/Android\s+([^\);]+)(\)|;)/,(a=a.exec(w))?a[1]:""):gb||hb||ib?(a=/(?:iPhone|CPU)\s+OS\s+(\S+)/,(a=a.exec(w))?a[1].replace(/_/g,"."):""):""})();var P=function(a){return(a=a.exec(w))?a[1]:""};(function(){if(rb)return P(/Firefox\/([0-9.]+)/);if(A||bb||ab)return ob;if(vb)return P(/Chrome\/([0-9.]+)/);if(wb&&!(z()||x("iPad")||x("iPod")))return P(/Version\/([0-9.]+)/);if(sb||tb){var a=/Version\/(\S+).*Mobile\/(\S+)/.exec(w);if(a)return a[1]+"."+a[2]}else if(ub)return(a=P(/Android\s+([0-9.]+)/))?a:P(/Version\/([0-9.]+)/);return""})();var Sb=function(){var a=r.parent&&r.parent!=r,b=a&&0<="//tpc.googlesyndication.com".indexOf(r.location.host);if(a&&r.name&&0==r.name.indexOf("google_ads_iframe")||b){var c;a=r||r;try{var d;if(a.document&&!a.document.body)d=new D(-1,-1);else{var e=(a||window).document,f="CSS1Compat"==e.compatMode?e.documentElement:e.body;d=(new D(f.clientWidth,f.clientHeight)).round()}c=d}catch(g){c=new D(-12245933,-12245933)}return Rb(c)}c=(r.document||document).getElementsByTagName("SCRIPT");return 0<c.length&&(c=c[c.length-1],c.parentElement&&c.parentElement.id&&0<c.parentElement.id.indexOf("_ad_container"))?Rb(void 0,c.parentElement):null},Rb=function(a,b){var c=Tb("IMG",a,b);return c?c:(c=Tb("IFRAME",a,b))?c:(a=Tb("OBJECT",a,b))?a:null},Tb=function(a,b,c){var d=document;c=c||d;d=a&&"*"!=a?String(a).toUpperCase():"";c=c.querySelectorAll&&c.querySelector&&d?c.querySelectorAll(d+""):c.getElementsByTagName(d||"*");for(d=0;d<c.length;d++){var e=c[d];if("OBJECT"==a)a:{var f=e.getAttribute("height");if(null!=f&&0<f&&0==e.clientHeight)for(var f=e.children,g=0;g<f.length;g++){var l=f[g];if("OBJECT"==l.nodeName||"EMBED"==l.nodeName){e=l;break a}}}f=e.clientHeight;g=e.clientWidth;if(l=b)l=new D(g,f),l=Math.abs(b.width-l.width)<.1*b.width&&Math.abs(b.height-l.height)<.1*b.height;if(l||!b&&10<f&&10<g)return e}return null};var Q=0,R="",Ub=[],S=!1,T=!1,U=!1,Vb=!0,Wb=!1,Xb=!1,Yb=!1,$b=!1,ac=!1,bc=!1,cc=0,dc=0,V=0,ec=[],M=null,fc="",gc=[],hc=null,ic=[],jc=!1,kc="",lc="",mc=(new Date).getTime(),nc=!1,oc="",pc=!1,qc=["1","0","3"],X=0,Y=0,rc=0,sc="",tc=!1,uc=!1,wc=function(a,b,c){S&&(Vb||3!=(c||3)||Yb)&&vc(a,b,!0);if(U||T&&Xb)vc(a,b),T=U=!1},xc=function(){var a=hc;return a?2!=a():!0},vc=function(a,b,c){if((b=b||fc)&&!jc&&(2==Y||c)&&xc()){for(var d=0;d<Ub.length;++d){var e=yc(Ub[d],b,c),f=a;Wb?Eb(e):I(f,e)}ac=!0;c?S=!1:jc=!0}},zc=function(a,b){var c=[];a&&c.push("avi="+a);b&&c.push("cid="+b);return c.length?"//pagead2.googlesyndication.com/activeview?"+c.join("&"):"//pagead2.googlesyndication.com/activeview"},yc=function(a,b,c){c=c?"osdim":U?"osd2":"osdtos";a=[a,-1<a.indexOf("?")?"&id=":"?id=",c];"osd2"==c&&T&&Xb&&a.push("&ts=1");a.push("&ti=1");a.push("&",b);a.push("&uc="+rc);nc?a.push("&tgt="+oc):a.push("&tgt=nf");a.push("&cl="+(pc?1:0));bc&&(a.push("&lop=1"),b=p()-cc,a.push("&tslp="+b));b=a.join("");for(a=0;a<gc.length;a++){try{var d=gc[a]()}catch(e){}c="max_length";2<=d.length&&(3==d.length&&(c=d[2]),b=ga(b,encodeURIComponent(d[0]),encodeURIComponent(d[1]),c))}2E3<b.length&&(b=b.substring(0,2E3));return b},Z=function(a){if(kc){try{var b=ga(kc,"vi",a);yb()&&I(xb.contentWindow,b)}catch(c){}0<=Qa(qc,a)&&(kc="")}},Ac=function(){Z("-1")},Cc=function(a){if(a&&a.data&&k(a.data)){var b;var c=a.data;if(k(c)){b={};for(var c=c.split("\n"),d=0;d=e)){var f=Number(c[d].substr(0,e)),e=c[d].substr(e+1);switch(f){case 5:case 8:case 11:case 15:case 16:case 18:e="true"==e;break;case 4:case 7:case 6:case 14:case 20:case 21:case 22:case 23:case 24:case 25:e=Number(e);break;case 3:case 19:if("function"==ba(decodeURIComponent))try{e=decodeURIComponent(e)}catch(l){throw Error("Error: URI malformed: "+e);}break;case 17:e=Sa(decodeURIComponent(e).split(","),Number)}b[f]=e}}b=b[0]?b:null}else b=null;if(b&&(c=new Ib(b[4],b[12]),M&&M.match(c))){for(c=0;c<ic.length;c++)ic[c](b);b&&(c=100*b[25],"number"==typeof c&&!isNaN(c)&&(window.document["4CGeArbVQ"]=c|0));void 0!=b[18]&&(Yb=b[18],Yb||2!=V||(V=3,Bc()));uc&&void 0!=b[7]&&0X&&!T&&2==Y&&Dc(r,"osd2","hs="+X)},Fc=function(){var a={};Jb(M,a);a[0]="goog_dom_content_loaded";var b=Lb(a);try{Hb(function(){Pb(b)},10,"osd_listener::ldcl_int")}catch(c){}},Gc=function(){var a={};Jb(M,a);a[0]="goog_creative_loaded";var b=Lb(a);Hb(function(){Pb(b)},10,"osd_listener::lcel_int");pc=!0},Hc=function(a){if(k(a)){a=a.split("&");for(var b=a.length-1;0<=b;b–){var c=a[b],d=Fb;c==d.H?(Vb=!1,a.splice(b,1)):c==d.C?(V=1,a.splice(b,1)):c==d.G?(T=!1,a.splice(b,1)):c==d.D?(Wb=!0,a.splice(b,1)):c==d.B?(tc=!0,a.splice(b,1)):c==d.F&&(uc=!0,a.splice(b,1))}sc=a.join("&")}},Ic=function(){if(!nc){var a=Sb();a&&(nc=!0,oc=a.tagName,a.complete||a.naturalWidth?Gc():L(a,"load",Gc,"osd_listener::creative_load"))}};q("osdlfm",J("osd_listener::init",function(a,b,c,d,e,f,g,l,m,n){Q=a;kc=b;lc=d;S=f;g&&Hc(g);T=f;1==l?ec.push(947190538):2==l?ec.push(947190541):3==l&&ec.push(947190542);M=new Ib(e,ha());L(r,"load",Ac,"osd_listener::load");L(r,"message",Cc,"osd_listener::message");R=c||"";Ub=[n||zc(c,m)];L(r,"unload",Ec,"osd_listener::unload");var u=r.document;!u.readyState||"complete"!=u.readyState&&"loaded"!=u.readyState?!Ya()||0<=ka($a(),11)?L(u,"DOMContentLoaded",Fc,"osd_listener::dcl"):L(u,"readystatechange",function(){"complete"!=u.readyState&&"loaded"!=u.readyState||Fc()},"osd_listener::rsc"):Fc();-1==Q?Y=f?3:1:-2==Q?Y=3:0<Q&&(Y=2,U=!0);T&&!U&&-1==Q&&(Y=2);M&&(M.b||M.a)&&(X=1,N=r.setInterval(v("osd_proto::reqm_int".toString(),fa(Ob,Y,M,T,ec,sc,tc,void 0)),500));Hb(Ic,5,"osd_listener:sfc")}));q("osdlac",J("osd_listener::lac_ex",function(a){gc.push(a)}));q("osdlamrc",J("osd_listener::lamrc_ex",function(a){ic.push(a)}));q("osdsir",J("osd_listener::sir_ex",wc));q("osdacrc",J("osd_listener::acrc_ex",function(a){hc=a}));q("osdpcls",J("osd_listener::acrc_ex",function(a){if(!a||r==r.top||jc||ac&&!$b)return!1;bc=!0;a=/^(http[s]?:)?\/\//.test(a)?a:zc(a);if($b){var b=yc(a,fc,!0),c=p()-dc,b=na(b,"tsvp",c),c=r;Wb?Eb(b):I(c,b)}Ub.push(a);cc=p();return!0}));}).call(this);osdlfm(-1,”,’Bziy8Uys_WJfXMoSxvATH8IG4DgAAAAAQATgByAEJwAIC4AIA4AQBoAYW’,”,3858574632,true,’ocy\x3d1\x26ud\x3d1\x26la\x3d0\x26′,3,’CAASFeRoaZPfGkSGoYJhDse5CXYEvZrdhg’,’//pagead2.googlesyndication.com/activeview?avi\x3dBziy8Uys_WJfXMoSxvATH8IG4DgAAAAAQATgByAEJwAIC4AIA4AQBoAYW\x26cid\x3dCAASFeRoaZPfGkSGoYJhDse5CXYEvZrdhg’);if (window.top && window.top.postMessage) {window.top.postMessage(‘{"googMsgType":"adpnt"}’,’*’);}

The attackers were crafty, but perhaps it’s not rocket science. Jeremiah Grossman, chief of security strategy at SentinelOne said via email: “The vulnerability itself is extremely common — essentially, it’s a remote OS command execution, which has been listed for many years on the OWASP Top 10 and CWE Top 25 lists.”

In early November, thousands of modems were regarded as vulnerable to a Metasploit module with proof-of-concept code which would allow an attacker to take control of broadband modems. In the words of BadCyber researchers, “It looks like someone decided to weaponize it and create an internet worm based on Mirai code.”

Although nearly one million German customers were affected, Deutsche Telekom security executive Dirk Backofen told Reuters, “It was a global attack against all kinds of devices.”

According to a researcher from Xiphos Research, there are “48 devices vulnerable to the main TR-064/TR-069 issue.” A little later, he tweeted:

Deutsche Telekom started pushing out fixes almost immediately. Grossman remarked:

A couple of things strike me as odd. The software patch was made available to customers extraordinarily fast. It was almost as if the vendor already knew about the vulnerability, had the patch ready to go, but for some reason was waiting on making it available ahead of the wide-scale exploitation. Perhaps the company was waiting on a few more features to include before distribution – and the exploitation incident caught them by surprise.

Secondly, it would also seem that the ISP could have added temporary network security controls (port blocking) to prevent compromise, for those who haven’t yet patched — or might never. Getting home users to patch their routers is challenging, and frankly, most of them simply won’t.

“Wide scale attacks on home routers have become more common in recent years,” Grossman added, “and we shouldn’t expect that this will be an isolated case.”

Sadly, as Flexera’s report indicated, despite spending thousands of dollars, you also shouldn’t necessarily count on your security products to be secure enough at all times to protect you due to flawed third-party and open source components and libraries.

[Source:-NETWORK WORLD]