
> if a single image on the page is not encrypted it jeopardizes the security of the connection

But only in the sense that the article text could say e.g. "implement the authentication algorithm according to illustration #42" and illustration #42 could have been maliciously replaced with an image showing an incorrect implementation, right?

A script served over an insecure connection, on the other hand, would give the attacker access to the DOM and compromise the entire page (and other pages on the site with AJAX).

So does the fact that ads need to be served securely imply that they have the ability to execute JavaScript in the context of the page? By serving ads (whether encrypted or not) am I trusting every advertiser on the network with the session cookies of all my users, essentially allowing them to intercept communications between the site and its users?
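
The image-versus-script distinction drawn in the comment above, as an added example that is not part of the original thread: a Python audit that parses an HTTPS page's HTML and labels each plain-HTTP subresource as passive (it only changes what is displayed) or active (it runs in or restyles the page). The page URL, hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Active content can script or restyle the embedding page; passive content only renders.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src"}

# Constructed sample page (hostnames are placeholders, not from the thread).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/site.css">
<script src="http://ads.example.net/show.js"></script>
</head><body>
<img src="http://img.example.net/illustration42.png">
<img src="//cdn.example.net/logo.png">
<iframe src="https://ads.example.net/frame.html"></iframe>
<script>var inline = 1;</script>
</body></html>"""

class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            severity, ref = "active", a.get("href")
        elif tag in ACTIVE:
            severity, ref = "active", a.get(ACTIVE[tag])
        elif tag in PASSIVE:
            severity, ref = "passive", a.get(PASSIVE[tag])
        else:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        url = urljoin(self.page_url, (ref or "").strip())
        if ref and urlparse(url).scheme == "http":
            self.findings.append((severity, tag, url))

def audit(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content is only defined for pages loaded over HTTPS
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for finding in audit("https://blog.example.org/post", SAMPLE_HTML):
        print(*finding)
```

An `active` finding is the case where whoever controls the network path can run code in the page's origin; a `passive` finding limits them to swapping the displayed media.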




I can't speak too much about this because it is on the fringes of my knowledge. All I can say is that I trust Google's systems to screen for malvertising. I remember there was an incident recently where one of the ad networks that they manage was serving malicious JavaScript, but they caught it pretty quickly and blocked that network from serving ads.

I do not believe that I can improve on their systems.



