http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99
Not all DNS servers have realized the change yet.
You can see it yourself by running a query on a.gtld-servers.net.
Basically, all .com/.net domains now "exist" and point to VeriSign. I don't even want to think about how many things this breaks.
I hope that ICANN revokes their .com/.net registrar status, but it's not going to happen.
eew, that's a pain.
I recommend boycotting all DNS servers as a result!
Quote from: iago on September 15, 2003, 09:13 PM
eew, that's a pain.
I recommend boycotting all DNS servers as a result!
Better and better. They've got a TOS on their site which disclaims their liability for * and requires you to not use their site if you disagree. Hmm... I wonder how to not use if if I get sent there for every typo'd domain?
Also fun to note that they're tracking which domains you miss as cookies on their wonderful catch-all...
Just another little update:
VeriSign
obfuscates the source of their cookies as from 2o7.net (although they could of course change this to ANY .net or .com to foil blocking attempts). Their JavaScript code isn't exactly easy to read either.
Anyways, they're then retrieving the obfuscated cookies with a charming 1x1 image:
<img
src="http://verisignwildcard.112.2O7.net/b/ss/verisignwildcard/1/G.2-Xpd-S"
height="1" width="1" border="0" />Here's a snippet of their obfuscated JavaScript:
s_rep(fun,'_','-'),rs='http'+(s_ssl?'s':'')
+'://'+(s_ssl?'102':unc)+'.112.2O7.net/b/ss/'+un+'/'+(s_csss?0:1)+'/G.2-Verisign-S/'
+sess+'?'+'[AQB]&ndh=1'+(q?q:'')+(s_q?s_q:'')+'&[AQE]'
Feeling insecure yet? Well, their site is
also vulnerable to cross-site injection of javascript: http://sitefinder.verisign.com/lpc?url=asdfasdfljkasdfkjasdfljsadlfkjasdljkfasd.c'om&host=asdfasdfljkasdfkjasdfljsadlfkjasdljkfa'%3E%3Cscript%20language="javascript"%3Ealert(document.cookie);%3C/script%3EEd.com (http://sitefinder.verisign.com/lpc?url=asdfasdfljkasdfkjasdfljsadlfkjasdljkfasd.c'om&host=asdfasdfljkasdfkjasdfljsadlfkjasdljkfa'%3E%3Cscript%20language="javascript"%3Ealert(document.cookie);%3C/script%3EEd.com)
So now
literally anybody can use XSS attacks on their charming search page to retrieve all of those wonderfully interesting cookies it collects about which domains you mistype. (Note that you'll have to work a bit to grab the cookie for 2o7.com).
I'm not normally the conspiracy-theory kind of guy, but this
obvious obfuscation of the data they collect is a little bit disturbing, I think?
Quote from: Skywing on September 15, 2003, 09:25 PM
Quote from: iago on September 15, 2003, 09:13 PM
eew, that's a pain.
I recommend boycotting all DNS servers as a result!
Better and better. They've got a TOS on their site which disclaims their liability for * and requires you to not use their site if you disagree. Hmm... I wonder how to not use if if I get sent there for every typo'd domain?
Also fun to note that they're tracking which domains you miss as cookies on their wonderful catch-all...
Right. That anti-liability claim is a load of bull and they know it, it's impossible not to get re-directed there if you mistype a domain. The cookies are one thing I disagree with (I assume they are part of the TOS), and although had it not been for skywing I would not have known, I wonder how cluttered up people's harddrives will get with cookies (er not harddrive per say, % of total disk alloted(sp?) for cookies).
hmm.. is it possible to block the host sitefinder.verisign.net so you get an error page instead of being sent there on a bad url?
Quote from: iago on September 15, 2003, 09:45 PM
hmm.. is it possible to block the host sitefinder.verisign.net so you get an error page instead of being sent there on a bad url?
You can block its IP address - but there is no guarantee that they won't change it.
Can you block their dns, map it to 0.0.0.0 or something? It uses a dns to display the search page, right? Even, perhaps, map the ip to www.google.com's ip? :-/
Quote from: iago on September 15, 2003, 10:02 PM
Can you block their dns, map it to 0.0.0.0 or something? It uses a dns to display the search page, right? Even, perhaps, map the ip to www.google.com's ip? :-/
You reach their site via other peoples DNS, though.
Another update: VeriSign is
running an SMTP server on their catchall and is pointing mailexchangers for nonexistant domains to it. Hmm... so, now they get to read your outgoing mail and record your email address if you mistype the domain?
Could always redirect/map a page using the dns with the windows HOSTS file. Find the dns to the site you want to redirect and put it in the HOSTS file as #.#.#.# <google.com> or something, it will just go there instead of the actual site. If this even has anything to do with what you're talking about.
The easiest solution is to use OpenNIC's public DNS servers to do name resolution. Go here (http://www.opennic.unrated.net/public_servers.html) and pick a couple of tier 2 servers. Next, send an email to your ISP and complain.
This was suggested in a response to that Slashdot article.
In my hosts file:
216.239.41.99 sitefinder.verisign.com
That way, at least I don't see their page :-)
VeriSign's controversial "typo-squatting" SiteFinder service is about to be bypassed by an emergency software patch to many of the Internet's backbone computers:
http://www.wired.com/news/technology/0,1282,60473,00.html
QuoteVeriSign did not respond requests for comment
lol
Quote"Whether VeriSign should or should not have done this is not for us to decide. But we have to respond to our customers who are demanding it."
See, capitalism
does work out in the end.
I still don't see it happening? Still getting 404's when typing nonexistent .com and .net domains.
Quote from: Grok on September 17, 2003, 08:30 PM
I still don't see it happening? Still getting 404's when typing nonexistent .com and .net domains.
You shouldn't be getting a 404 for that at all - a 404 requires a response from the target server. Nonexistant domains should result in a different error because the connection cannot be established (or even attempted).
Now this is a bit interesting. VeriSign is claiming that "Both individual users and enterprises have been giving very positive feedback [about them hijacking unrecognized .com/.net domains]" (http://news.com.com/2100-1024_3-5078657.html). I guess they haven't heard that the BIND maintainers thought the problem was urgent enough to write and distribute an emergency patch to block SiteFinder.
Ugh ... it caught up with me and now I see the evil sitefinder.
http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99
They're getting sued over it. The case looks like it's actually probably going to be a win, too.
Quote from: Soul Taker on September 19, 2003, 12:42 AM
http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99
They're getting sued over it. The case looks like it's actually probably going to be a win, too.
Yup - IANAL, but they have a pretty compelling argument.
Quote from: Grok on September 17, 2003, 08:30 PM
I still don't see it happening? Still getting 404's when typing nonexistent .com and .net domains.
You can't honestly be complaining about that... Verisign's pages are so ugly and plain it's not funny.
Did you mess with the 404 page or anything Grok?
ICANN needs to stop Verisign, damnit.
Quote from: Soul Taker on September 19, 2003, 12:42 AM
http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99
They're getting sued over it. The case looks like it's actually probably going to be a win, too.
Use the url tag so we can click the link!
link (http://slashdot.org/article.pl?sid=03/09/19/039214&mode=thread&tid=123&tid=126&tid=95&tid=99)
Never!
I have decided to finally post something of use to post...
Beat Verisign redirect! (http://www.pcmag.com/article2/0,4149,1274644,00.asp)
It looks like ICANN is finally taking action against VeriSign (http://www.icann.org/announcements/advisory-19sep03.htm). However, as of 24 hours later, VeriSign has yet to comply.
Quote from: j0k3r on September 20, 2003, 06:36 AM
I have decided to finally post something of use to post...
Beat Verisign redirect! (http://www.pcmag.com/article2/0,4149,1274644,00.asp)
Err.. I think that was one of the first things I said:
Quote from: iago on September 16, 2003, 07:13 PM
In my hosts file:
216.239.41.99 sitefinder.verisign.com
That way, at least I don't see their page :-)
Only instead of redirecting it to localhost, it would make more sense to direct it to 0.0.0.0 or, what I did, direct it to google.com :P
Looks like ICANN is finally taking real action (http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm) against VeriSign.
ICANN is giving VeriSign until tommorow to undo the .com/.net wildcards, "or else" - it sounds like they're threatening to revoke VeriSign's contract.
Good. I can hardly believe that something this dumb was allowed to happen in the first place...
http://biz.yahoo.com/prnews/031003/sff057_1.html (http://biz.yahoo.com/prnews/031003/sff057_1.html)
"VeriSign Will Temporarily Suspend Web Navigation Service in Order to Continue To Work With Internet Community Towards a Long-Term Implementation"
lol, prnews indeed, verisign's
"Launched September 15, Site Finder provides useful tools for Internet users who mistype a domain name or attempt to connect to a web site that doesn't exist. Instead of receiving a cryptic error message..."
Is it just me or are the error messages about as user-friendly as humanly possible?
Quote from: Soul Taker on October 03, 2003, 06:00 PM
"Launched September 15, Site Finder provides useful tools for Internet users who mistype a domain name or attempt to connect to a web site that doesn't exist. Instead of receiving a cryptic error message..."
Is it just me or are the error messages about as user-friendly as humanly possible?
It's just you, or the browser you're using. For example, IE tends to beautify error pages received.
No, I have to disagree.
Quote from: Soul Taker on October 03, 2003, 06:00 PM
"Launched September 15, Site Finder provides useful tools for Internet users who mistype a domain name or attempt to connect to a web site that doesn't exist. Instead of receiving a cryptic error message..."
Is it just me or are the error messages about as user-friendly as humanly possible?
My programs all found NXDOMAIN to be far more informative than SiteFinder's IP address. Now that they're coded to know that receiving the latter should be treated as the former, everything's fine again. SiteFinder doesn't exist for me, but that's no loss.
http://news.mcmedia.com.au/story.asp?TakeNo=199910062086395
Verisign removes redirect service
October 6 2003
Shepparton News
VeriSign has shelved its controversial redirect service after an ultimatum from the Internet Corporation for Assigned Names and Numbers (ICANN).
Misspelled or non-existent .com and .net Internet addresses were redirected to a Verisign site under the service, which drew heavy criticism from across the Internet.
It was argued the service disrupted email and other applications, and hurt the ability of Internet service providers to block spam from addresses that did not exist.
ICANN demanded the Verisign redirects be removed by October 4.
"Failure to comply with this demand by that time will leave ICANN with no choice but to seek promptly to enforce VeriSign's contractual obligations," ICANN said.
w000000t! Celebration time!
Well... That was satisfactorily short-lived.
It's not over yet.