Hacker News new | past | comments | ask | show | jobs | submit login

TL;DR: yes.

They suggest mitigating this by putting ads in a sandboxed iframe (unlikely and probably not foolproof) and not having ads on a login page, but ads can probably still steal your credentials.

It should be obvious that loading untrusted third-party content compromises security, but apparently that is unimportant to sites that use third-party advertising services.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact