Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat

from the please-stop dept

Back in 2003, there was a huge mess over VeriSign's plan to create "SiteFinder," which effectively hijacked "page not found" messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have been starting to do the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, by using Earthlink's set up to show how it can be used by phishers to make pages look like they're really on someone else's domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP's own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a "customer service" or to "improve their experience," but that's simply untrue. Such pages don't help matters. If a page can't be found, the user should be told that the page can't be found. They can do a search on a search engine themselves to find the proper page.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    LBD, Apr 21st, 2008 @ 9:08pm

    Gods

    Those advertisement pages have always annoyed me. Makes it hard to tell if a page is dead, or WHAT.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Jake, Apr 21st, 2008 @ 10:14pm

    Just as a minor point of clarification, the security risk in this case wasn't actually from the practice itself, but from negligence on the part of the ad provider; they'd left the redirect sites open to hijack by phishers. Had someone at Barefruit know his arse from his elbow and/or cared enough to use a little common sense,this would be merely mildly irritating rather than a massive security risk.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Apr 21st, 2008 @ 10:18pm

    OpenDNS anyone?

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Edward Bruce Williams, Apr 21st, 2008 @ 10:59pm

    Money Money Money

    They get paid!

    Monetize everything!

    Money! Money! Money!

    Who cares if it causes problems!

    We get MONEY, no problem here.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Edward Bruce Williams, Apr 21st, 2008 @ 11:04pm

    Re: OpenDNS

    "bad domain names" - NXDOMAIN is what it is called, directs you to advertising on OpenDNS, BTW.

    Anyway, I love them and use them myself, just clearing the record.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Apr 21st, 2008 @ 11:52pm

    The advertising on OpenDNS is why I stopped using it. Quite annoying.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Scote, Apr 22nd, 2008 @ 1:16am

    You should fix the dangling modifier in the title.

    "Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat" makes it sound as if you think the domain highjacking does not exist.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    mike allen, Apr 22nd, 2008 @ 1:50am

    ads

    Ban them i spend a lot of time avoiding them even those damned annoying take our survey. rhat spring up covering the text i want to read i sometimes take them and lie through my teeth. ( or keyboard)

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    oregonnerd, Apr 22nd, 2008 @ 9:38am

    bad pages that once existed

    Supposedly a page could never be taken down because of latency in the 'Net. So what happened??
    --Glenn

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Brandon, Apr 22nd, 2008 @ 11:16am

    Doesn't Internet Explorer do this?

    Maybe I'm missing a setting somewhere, which is entirely possible, but when you type in an address to Internet Explorer that can't be found, it automatically sends you to Microsoft's Live search page, which isn't completely an ad site, but it does have sponsor sites.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    AckAck, Apr 22nd, 2008 @ 8:31pm

    Re: Doesn't Internet Explorer do this?

    The default behavior for IE is to perform a search from the address bar when it gets that response. Its not quite the same thing as it performs the search using the engine of your choosing (I believe since I'm using ie8 i could be wrong about IE7) if you've set up a different engine as your default search IE will use that engine instead. That is of course if your ISP doesn't hijack it (I had to RE-OP-OUT of Roadrunner's redirect program as it set itself to be my happy place again while I was testing for this reply...)

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This