Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat
from the please-stop dept
Back in 2003, there was a huge mess over VeriSign’s plan to create “SiteFinder,” which effectively hijacked “page not found” messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have been starting to do the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, by using Earthlink’s set up to show how it can be used by phishers to make pages look like they’re really on someone else’s domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP’s own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a “customer service” or to “improve their experience,” but that’s simply untrue. Such pages don’t help matters. If a page can’t be found, the user should be told that the page can’t be found. They can do a search on a search engine themselves to find the proper page.
Filed Under: hijacking, page not found, phishing, vulnerability
Companies: earthlink, verisign
Comments on “Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat”
Gods
Those advertisement pages have always annoyed me. Makes it hard to tell if a page is dead, or WHAT.
Just as a minor point of clarification, the security risk in this case wasn’t actually from the practice itself, but from negligence on the part of the ad provider; they’d left the redirect sites open to hijack by phishers. Had someone at Barefruit know his arse from his elbow and/or cared enough to use a little common sense,this would be merely mildly irritating rather than a massive security risk.
OpenDNS anyone?
Re: OpenDNS
“bad domain names” – NXDOMAIN is what it is called, directs you to advertising on OpenDNS, BTW.
Anyway, I love them and use them myself, just clearing the record.
Money Money Money
They get paid!
Monetize everything!
Money! Money! Money!
Who cares if it causes problems!
We get MONEY, no problem here.
The advertising on OpenDNS is why I stopped using it. Quite annoying.
You should fix the dangling modifier in the title.
“Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat” makes it sound as if you think the domain highjacking does not exist.
ads
Ban them i spend a lot of time avoiding them even those damned annoying take our survey. rhat spring up covering the text i want to read i sometimes take them and lie through my teeth. ( or keyboard)
bad pages that once existed
Supposedly a page could never be taken down because of latency in the ‘Net. So what happened??
–Glenn
Doesn't Internet Explorer do this?
Maybe I’m missing a setting somewhere, which is entirely possible, but when you type in an address to Internet Explorer that can’t be found, it automatically sends you to Microsoft’s Live search page, which isn’t completely an ad site, but it does have sponsor sites.
Re: Doesn't Internet Explorer do this?
The default behavior for IE is to perform a search from the address bar when it gets that response. Its not quite the same thing as it performs the search using the engine of your choosing (I believe since I’m using ie8 i could be wrong about IE7) if you’ve set up a different engine as your default search IE will use that engine instead. That is of course if your ISP doesn’t hijack it (I had to RE-OP-OUT of Roadrunner’s redirect program as it set itself to be my happy place again while I was testing for this reply…)