When blogger Justin Watt looked at his blog during a hotel stay, he noticed a thin grey bar at the top of the page that should not be there. Watt says that he first thought was that it was due to a CSS problem related to a browser update; however, on examining the source code, it was soon apparent that there was more to it.

The source code on the server had not been changed, but when viewed in his browser, there was additional CSS information after the <head> tag and additional JavaScript being injected after the <body> tag. And it wasn't just his blog that was affected – every web site he loaded contained the additional snippet of JavaScript.

Somewhere between the internet and his computer, web sites were being modified. The injected JavaScript appeared to be there to serve more advertising, although Watt notes that he was not seeing any additional advertisments. There were also side effects: the injected code caused embedded YouTube videos in Google Reader to stop working and instead show up as "empty black squares".

Further research revealed that the hotel, the Courtyard Marriott in New York's Times Square, was using an RG Nets hotspot gateway. RG Nets calls its product a Revenue eXtraction Gateway (RXG) and promises users extra revenue by displaying extra ads (See also RG Nets' own advertisement). Following Watt's post, Marriott said that it was not aware of, nor did it approve of the ad-service's practices, and that it has since been disabled.

The story offers one more good reason for always exercising caution when using a public network and underlines the benefits of using a VPN wherever possible. This helps to protect against both unwelcome eavesdropping and modification of the type described – assuming that it's possible to set up a VPN through this kind of gateway.

(crve)