VeriSign redirects ALL nonexistant .com/.net domains to their site

[Skywing]

http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99

Not all DNS servers have realized the change yet.

You can see it yourself by running a query on a.gtld-servers.net.

Basically, all .com/.net domains now "exist" and point to VeriSign.  I don't even want to think about how many things this breaks.

I hope that ICANN revokes their .com/.net registrar status, but it's not going to happen.

[iago]

eew, that's a pain.

I recommend boycotting all DNS servers as a result!

[Skywing]

eew, that's a pain.

I recommend boycotting all DNS servers as a result!

Better and better.  They've got a TOS on their site which disclaims their liability for * and requires you to not use their site if you disagree.  Hmm... I wonder how to not use if if I get sent there for every typo'd domain?

Also fun to note that they're tracking which domains you miss as cookies on their wonderful catch-all...

Just another little update:
VeriSign obfuscates the source of their cookies as from 2o7.net (although they could of course change this to ANY .net or .com to foil blocking attempts).  Their JavaScript code isn't exactly easy to read either.

Anyways, they're then retrieving the obfuscated cookies with a charming 1x1 image:

Code Select Expand

<img
src="http://verisignwildcard.112.2O7.net/b/ss/verisignwildcard/1/G.2-Xpd-S"
height="1" width="1" border="0" />

Here's a snippet of their obfuscated JavaScript:

Code Select Expand

s_rep(fun,'_','-'),rs='http'+(s_ssl?'s':'')
+'://'+(s_ssl?'102':unc)+'.112.2O7.net/b/ss/'+un+'/'+(s_csss?0:1)+'/G.2-Verisign-S/'
+sess+'?'+'[AQB]&ndh=1'+(q?q:'')+(s_q?s_q:'')+'&[AQE]'


Feeling insecure yet?  Well, their site is also vulnerable to cross-site injection of javascript:  http://sitefinder.verisign.com/lpc?url=asdfasdfljkasdfkjasdfljsadlfkjasdljkfasd.c'om&host=asdfasdfljkasdfkjasdfljsadlfkjasdljkfa'%3E%3Cscript%20language="javascript"%3Ealert(document.cookie);%3C/script%3EEd.com

So now literally anybody can use XSS attacks on their charming search page to retrieve all of those wonderfully interesting cookies it collects about which domains you mistype.  (Note that you'll have to work a bit to grab the cookie for 2o7.com).

I'm not normally the conspiracy-theory kind of guy, but this obvious obfuscation of the data they collect is a little bit disturbing, I think?

[j0k3r]

eew, that's a pain.

I recommend boycotting all DNS servers as a result!

Better and better.  They've got a TOS on their site which disclaims their liability for * and requires you to not use their site if you disagree.  Hmm... I wonder how to not use if if I get sent there for every typo'd domain?

Also fun to note that they're tracking which domains you miss as cookies on their wonderful catch-all...

Right. That anti-liability claim is a load of bull and they know it, it's impossible not to get re-directed there if you mistype a domain. The cookies are one thing I disagree with (I assume they are part of the TOS), and although had it not been for skywing I would not have known, I wonder how cluttered up people's harddrives will get with cookies (er not harddrive per say, % of total disk alloted(sp?) for cookies).

[iago]

hmm.. is it possible to block the host sitefinder.verisign.net so you get an error page instead of being sent there on a bad url?

[Skywing]

hmm.. is it possible to block the host sitefinder.verisign.net so you get an error page instead of being sent there on a bad url?

You can block its IP address - but there is no guarantee that they won't change it.

[iago]

Can you block their dns, map it to 0.0.0.0 or something?  It uses a dns to display the search page, right?  Even, perhaps, map the ip to www.google.com's ip? :-/

[Skywing]

Can you block their dns, map it to 0.0.0.0 or something?  It uses a dns to display the search page, right?  Even, perhaps, map the ip to www.google.com's ip? :-/

You reach their site via other peoples DNS, though.

Another update: VeriSign is running an SMTP server on their catchall and is pointing mailexchangers for nonexistant domains to it.  Hmm... so, now they get to read your outgoing mail and record your email address if you mistype the domain?

[Eagle of BH]

Could always redirect/map a page using the dns with the windows HOSTS file. Find the dns to the site you want to redirect and put it in the HOSTS file as #.#.#.# <google.com> or something, it will just go there instead of the actual site. If this even has anything to do with what you're talking about.

[Thing]

The easiest solution is to use OpenNIC's public DNS servers to do name resolution.  Go here and pick a couple of tier 2 servers.  Next, send an email to your ISP and complain.

This was suggested in a response to that Slashdot article.

[iago]

In my hosts file:
216.239.41.99 sitefinder.verisign.com

That way, at least I don't see their page :-)

[K]

VeriSign's controversial "typo-squatting" SiteFinder service is about to be bypassed by an emergency software patch to many of the Internet's backbone computers:

http://www.wired.com/news/technology/0,1282,60473,00.html

[iago]

VeriSign did not respond requests for comment

lol

[UrbalT]

"Whether VeriSign should or should not have done this is not for us to decide. But we have to respond to our customers who are demanding it."

See, capitalism does work out in the end.

[Grok]

I still don't see it happening?  Still getting 404's when typing nonexistent .com and .net domains.