Author | Message | Time |
---|---|---|
Skywing | http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99 Not all DNS servers have realized the change yet. You can see it yourself by running a query on a.gtld-servers.net. Basically, all .com/.net domains now "exist" and point to VeriSign. I don't even want to think about how many things this breaks. I hope that ICANN revokes their .com/.net registrar status, but it's not going to happen. | September 16, 2003, 2:00 AM |
iago | eew, that's a pain. I recommend boycotting all DNS servers as a result! | September 16, 2003, 2:13 AM |
Skywing | [quote author=iago link=board=2;threadid=2721;start=0#msg21378 date=1063678385] eew, that's a pain. I recommend boycotting all DNS servers as a result! [/quote] Better and better. They've got a TOS on their site which disclaims their liability for * and requires you to not use their site if you disagree. Hmm... I wonder how to not use if if I get sent there for every typo'd domain? Also fun to note that they're tracking which domains you miss as cookies on their wonderful catch-all... Just another little update: VeriSign obfuscates the source of their cookies as from 2o7.net (although they could of course change this to ANY .net or .com to foil blocking attempts). Their JavaScript code isn't exactly easy to read either. Anyways, they're then retrieving the obfuscated cookies with a charming 1x1 image: [code]<img src="http://verisignwildcard.112.2O7.net/b/ss/verisignwildcard/1/G.2-Xpd-S" height="1" width="1" border="0" />[/code] Here's a snippet of their obfuscated JavaScript: [code]s_rep(fun,'_','-'),rs='http'+(s_ssl?'s':'') +'://'+(s_ssl?'102':unc)+'.112.2O7.net/b/ss/'+un+'/'+(s_csss?0:1)+'/G.2-Verisign-S/' +sess+'?'+'[AQB]&ndh=1'+(q?q:'')+(s_q?s_q:'')+'&[AQE]' [/code] Feeling insecure yet? Well, their site is also vulnerable to cross-site injection of javascript: http://sitefinder.verisign.com/lpc?url=asdfasdfljkasdfkjasdfljsadlfkjasdljkfasd.c'om&host=asdfasdfljkasdfkjasdfljsadlfkjasdljkfa'%3E%3Cscript%20language="javascript"%3Ealert(document.cookie);%3C/script%3EEd.com So now literally anybody can use XSS attacks on their charming search page to retrieve all of those wonderfully interesting cookies it collects about which domains you mistype. (Note that you'll have to work a bit to grab the cookie for 2o7.com). I'm not normally the conspiracy-theory kind of guy, but this obvious obfuscation of the data they collect is a little bit disturbing, I think? | September 16, 2003, 2:25 AM |
j0k3r | [quote author=Skywing link=board=2;threadid=2721;start=0#msg21383 date=1063679125] [quote author=iago link=board=2;threadid=2721;start=0#msg21378 date=1063678385] eew, that's a pain. I recommend boycotting all DNS servers as a result! [/quote] Better and better. They've got a TOS on their site which disclaims their liability for * and requires you to not use their site if you disagree. Hmm... I wonder how to not use if if I get sent there for every typo'd domain? Also fun to note that they're tracking which domains you miss as cookies on their wonderful catch-all... [/quote] Right. That anti-liability claim is a load of bull and they know it, it's impossible not to get re-directed there if you mistype a domain. The cookies are one thing I disagree with (I assume they are part of the TOS), and although had it not been for skywing I would not have known, I wonder how cluttered up people's harddrives will get with cookies (er not harddrive per say, % of total disk alloted(sp?) for cookies). | September 16, 2003, 2:44 AM |
iago | hmm.. is it possible to block the host sitefinder.verisign.net so you get an error page instead of being sent there on a bad url? | September 16, 2003, 2:45 AM |
Skywing | [quote author=iago link=board=2;threadid=2721;start=0#msg21386 date=1063680309] hmm.. is it possible to block the host sitefinder.verisign.net so you get an error page instead of being sent there on a bad url? [/quote] You can block its IP address - but there is no guarantee that they won't change it. | September 16, 2003, 2:48 AM |
iago | Can you block their dns, map it to 0.0.0.0 or something? It uses a dns to display the search page, right? Even, perhaps, map the ip to www.google.com's ip? :-/ | September 16, 2003, 3:02 AM |
Skywing | [quote author=iago link=board=2;threadid=2721;start=0#msg21395 date=1063681354] Can you block their dns, map it to 0.0.0.0 or something? It uses a dns to display the search page, right? Even, perhaps, map the ip to www.google.com's ip? :-/ [/quote] You reach their site via other peoples DNS, though. Another update: VeriSign is running an SMTP server on their catchall and is pointing mailexchangers for nonexistant domains to it. Hmm... so, now they get to read your outgoing mail and record your email address if you mistype the domain? | September 16, 2003, 3:39 AM |
Eagle of BH | Could always redirect/map a page using the dns with the windows HOSTS file. Find the dns to the site you want to redirect and put it in the HOSTS file as #.#.#.# <google.com> or something, it will just go there instead of the actual site. If this even has anything to do with what you're talking about. | September 16, 2003, 1:01 PM |
Thing | The easiest solution is to use OpenNIC's public DNS servers to do name resolution. Go here and pick a couple of tier 2 servers. Next, send an email to your ISP and complain. This was suggested in a response to that Slashdot article. | September 16, 2003, 2:19 PM |
iago | In my hosts file: 216.239.41.99 sitefinder.verisign.com That way, at least I don't see their page :-) | September 17, 2003, 12:13 AM |
K | VeriSign's controversial "typo-squatting" SiteFinder service is about to be bypassed by an emergency software patch to many of the Internet's backbone computers: http://www.wired.com/news/technology/0,1282,60473,00.html | September 17, 2003, 12:32 AM |
iago | [quote]VeriSign did not respond requests for comment[/quote] lol | September 17, 2003, 1:02 AM |
UrbalT | [quote]"Whether VeriSign should or should not have done this is not for us to decide. But we have to respond to our customers who are demanding it."[/quote] See, capitalism does work out in the end. | September 17, 2003, 1:55 AM |
Grok | I still don't see it happening? Still getting 404's when typing nonexistent .com and .net domains. | September 18, 2003, 1:30 AM |
Skywing | [quote author=Grok link=board=2;threadid=2721;start=0#msg21543 date=1063848633] I still don't see it happening? Still getting 404's when typing nonexistent .com and .net domains. [/quote] You shouldn't be getting a 404 for that at all - a 404 requires a response from the target server. Nonexistant domains should result in a different error because the connection cannot be established (or even attempted). | September 18, 2003, 5:52 AM |
Skywing | Now this is a bit interesting. VeriSign is claiming that "Both individual users and enterprises have been giving very positive feedback [about them hijacking unrecognized .com/.net domains]". I guess they haven't heard that the BIND maintainers thought the problem was urgent enough to write and distribute an emergency patch to block SiteFinder. | September 18, 2003, 9:02 PM |
Grok | Ugh ... it caught up with me and now I see the evil sitefinder. | September 18, 2003, 9:26 PM |
Soul Taker | http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99 They're getting sued over it. The case looks like it's actually probably going to be a win, too. | September 19, 2003, 5:42 AM |
Skywing | [quote author=Soul Taker link=board=2;threadid=2721;start=15#msg21679 date=1063950144] http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99 They're getting sued over it. The case looks like it's actually probably going to be a win, too. [/quote] Yup - IANAL, but they have a pretty compelling argument. | September 19, 2003, 6:12 AM |
j0k3r | [quote author=Grok link=board=2;threadid=2721;start=0#msg21543 date=1063848633] I still don't see it happening? Still getting 404's when typing nonexistent .com and .net domains. [/quote] You can't honestly be complaining about that... Verisign's pages are so ugly and plain it's not funny. Did you mess with the 404 page or anything Grok? | September 19, 2003, 11:21 AM |
Grok | ICANN needs to stop Verisign, damnit. | September 19, 2003, 3:21 PM |
Adron | [quote author=Soul Taker link=board=2;threadid=2721;start=15#msg21679 date=1063950144] http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99 They're getting sued over it. The case looks like it's actually probably going to be a win, too. [/quote] Use the url tag so we can click the link! link | September 19, 2003, 4:29 PM |
Soul Taker | Never! | September 19, 2003, 8:09 PM |
j0k3r | I have decided to finally post something of use to post... Beat Verisign redirect! | September 20, 2003, 11:36 AM |
Skywing | It looks like ICANN is finally taking action against VeriSign. However, as of 24 hours later, VeriSign has yet to comply. | September 20, 2003, 4:20 PM |
iago | [quote author=j0k3r link=board=2;threadid=2721;start=15#msg21789 date=1064057813] I have decided to finally post something of use to post... Beat Verisign redirect! [/quote] Err.. I think that was one of the first things I said: [quote author=iago link=board=2;threadid=2721;start=0#msg21462 date=1063757600] In my hosts file: 216.239.41.99 sitefinder.verisign.com That way, at least I don't see their page :-) [/quote] Only instead of redirecting it to localhost, it would make more sense to direct it to 0.0.0.0 or, what I did, direct it to google.com :P | September 20, 2003, 8:12 PM |
Skywing | Looks like ICANN is finally taking real action against VeriSign. ICANN is giving VeriSign until tommorow to undo the .com/.net wildcards, "or else" - it sounds like they're threatening to revoke VeriSign's contract. | October 3, 2003, 3:39 PM |
Arta | Good. I can hardly believe that something this dumb was allowed to happen in the first place... | October 3, 2003, 9:58 PM |
Soul Taker | http://biz.yahoo.com/prnews/031003/sff057_1.html "VeriSign Will Temporarily Suspend Web Navigation Service in Order to Continue To Work With Internet Community Towards a Long-Term Implementation" | October 3, 2003, 10:19 PM |
Adron | lol, prnews indeed, verisign's | October 3, 2003, 10:22 PM |
Soul Taker | "Launched September 15, Site Finder provides useful tools for Internet users who mistype a domain name or attempt to connect to a web site that doesn't exist. [u]Instead of receiving a cryptic error message[/u]..." Is it just me or are the error messages about as user-friendly as humanly possible? | October 3, 2003, 11:00 PM |
Eibro | [quote author=Soul Taker link=board=2;threadid=2721;start=30#msg22939 date=1065222052] "Launched September 15, Site Finder provides useful tools for Internet users who mistype a domain name or attempt to connect to a web site that doesn't exist. [u]Instead of receiving a cryptic error message[/u]..." Is it just me or are the error messages about as user-friendly as humanly possible? [/quote]It's just you, or the browser you're using. For example, IE tends to beautify error pages received. | October 4, 2003, 12:51 AM |
j0k3r | No, I have to disagree. | October 4, 2003, 1:41 AM |
Kp | [quote author=Soul Taker link=board=2;threadid=2721;start=30#msg22939 date=1065222052] "Launched September 15, Site Finder provides useful tools for Internet users who mistype a domain name or attempt to connect to a web site that doesn't exist. [u]Instead of receiving a cryptic error message[/u]..." Is it just me or are the error messages about as user-friendly as humanly possible?[/quote]My programs all found NXDOMAIN to be far more informative than SiteFinder's IP address. Now that they're coded to know that receiving the latter should be treated as the former, everything's fine again. SiteFinder doesn't exist for me, but that's no loss. | October 4, 2003, 2:26 AM |
Naem | http://news.mcmedia.com.au/story.asp?TakeNo=199910062086395 Verisign removes redirect service October 6 2003 Shepparton News VeriSign has shelved its controversial redirect service after an ultimatum from the Internet Corporation for Assigned Names and Numbers (ICANN). Misspelled or non-existent .com and .net Internet addresses were redirected to a Verisign site under the service, which drew heavy criticism from across the Internet. It was argued the service disrupted email and other applications, and hurt the ability of Internet service providers to block spam from addresses that did not exist. ICANN demanded the Verisign redirects be removed by October 4. "Failure to comply with this demand by that time will leave ICANN with no choice but to seek promptly to enforce VeriSign's contractual obligations," ICANN said. | October 6, 2003, 7:29 AM |
j0k3r | w000000t! Celebration time! | October 6, 2003, 11:39 AM |
Yoni | Well... That was satisfactorily short-lived. | October 7, 2003, 12:49 AM |
St0rm.iD | It's not over yet. | October 7, 2003, 2:23 AM |