Current Insight Community Cases

Justifying Your Datacenter Management Improvements

Essential Datacenter Tips On Application Performance Monitoring

The Importance Of Skilled Immigrants To The American Economy

Help A New Kind of Music Label Revolutionize The Industry

Mandates To Buy American Should Be More Carefully Considered

Shut Us Up

-- For Only $100 Million

Brought to you by Floor64 and the Techdirt crew.

stories filed under: "page not found"
Scams

Scams

by Mike Masnick

Mon, Apr 21st 2008 9:01pm


Filed Under:
hijacking, page not found, phishing, vulnerability

Companies:
earthlink, verisign



Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat

from the please-stop dept

Back in 2003, there was a huge mess over VeriSign's plan to create "SiteFinder," which effectively hijacked "page not found" messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have been starting to do the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, by using Earthlink's set up to show how it can be used by phishers to make pages look like they're really on someone else's domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP's own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a "customer service" or to "improve their experience," but that's simply untrue. Such pages don't help matters. If a page can't be found, the user should be told that the page can't be found. They can do a search on a search engine themselves to find the proper page.

11 Comments | Leave a Comment..

 
Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Popular Posts
Poll

Which Internet Concern Worries You The Most?

 

 

 

 

 

 


Add Techdirt RSS To Your Reader
rss Add Techdirt to your Bloglines
Add Techdirt to your Google Add Techdirt to your My Yahoo
Add Techdirt to your Netvibes Add Techdirt to your Newsgator
Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Older Stuff

Monday

6:00am: UK Pub Owner Fined Due To Unauthorized Downloads On Free Pub WiFi? (41)
3:57am: Suing For Patent Infringement No Replacement For Actually Building A Real Business (30)
1:46am: Mininova Deletes Most Torrents Under Court Threat (49)

Wednesday

7:37pm: Stop Wallowing And Start Doing Cool Stuff With Business Models, The Wil Wheaton Edition (32)
6:51pm: Researchers: Copying And Imitation Is Good For Society (140)
6:05pm: Steve Jobs Tells Startup Startup To Change Names, Saying 'It's No Big Deal' (69)
5:26pm: Profitable 'Pay Us Or We'll Sue You For File Sharing' Scheme About To Send 30,000 More Letters (20)
4:46pm: UK Police Arresting People Just To Add To DNA Database? (18)
4:01pm: Funny How Those In Favor Of ACTA Are Against Treaty Providing More Access To Content For Vision Impaired (6)
3:15pm: Advertising As Content: Newspaper Raising Newsstand Prices For Thanksgiving Papers With Black Friday Ads (11)
2:14pm: Are Entertainment Industry Tactics Working? (50)
1:00pm: Photographer Compares Microstock Sites To Pollution And Drug Dealing (45)
11:48am: If Movie Piracy Is Really A Problem, It's Hollywood's Fault (77)
10:27am: If Google Visitors Are Worthless, It's Only Because Newspaper Execs Don't Know What They're Doing (37)
9:01am: Multitasking Is Our Main Activity (15)
7:33am: Greed vs. Due Diligence: Another Case Of Startup Fraud? (4)
6:01am: Anti-Piracy Group In Spain Fined For Bad Faith Actions Against File Sharing Systems (13)
3:55am: ABA Journal's Patent Application To Score Interview With USPTO Boss David Kappos (18)
1:44am: Can Universities Make Sure That Drugs Based On Their Research Are Licensed Reasonably? (19)

Tuesday

9:21pm: Companies Realizing That Content Is Advertising Via Web Series (12)
7:01pm: Could You Prove That The Government Was Watching You Illegally? (38)
4:56pm: Reuters, AP Refuse To Cover Cricket Matches Over Restrictive Press Accreditation Rules (21)
3:21pm: Comparing File Sharing To Payola: Could Have Had That Promotion For Free (34)
1:56pm: Jury Says Fictional Character Can Be Libelous (28)
12:44pm: Spam King Alan Ralsky Gets Four Years In Jail (28)
11:39am: Publishers Getting The Wrong Message Over eBook Piracy (39)
10:28am: Calling For An Independent Invention Defense In Patents (28)
9:12am: Microsoft Tries To Silence Revelation Of Bing Cashback Flaws; Leads To Revelation Of Other Problems (43)
8:03am: Don't Blame Facebook For Some Kids Beating Up Another Student (61)
6:46am: Hulu Telling Sites To Stop Embedding So Much (44)
More arrow
Quick Links
Close
E-mail It