Submission + - ISPs, IE meddle with their customers' Web traffic (infoworld.com)
Bibek Paudel writes: "According to a paper by researchers at the University of Washington, set to be delivered Wednesday at the Usenix Symposium on Networked Systems Design and Implementation in San Francisco, about one percent of the Web pages being delivered on the Internet are being changed in transit, sometimes in a harmful way.
"The Web is a lot more wild than we originally expected," said Charles Reis, a co-author of the paper. To get their data, the team wrote software that would test whether or not someone visiting a test page on the University of Washington's Web site was viewing HTML that had been altered in transit. In 16 instances, ads were injected into the Web page by the visitor's ISP. "We're confirming some rumors that had been in the news last summer, that ISPs had been injecting these ads." Among many small ISPs, the paper also named one of the largest ISPs in the U.S., XO Communications, as an ad injector.
The data also shows that pages were sometimes changed by pop-up blockers within products such as CheckPoint's ZoneAlarm or CA's Personal Firewall. Even Microsoft's Internet Explorer browser is part of the problem, the researchers claim. IE injects HTML into pages that it saves to the computer's hard drive, making those pages vulnerable to attacks when the page is then reloaded from the local disk."