Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat

from the please-stop dept

Back in 2003, there was a huge mess over VeriSign’s plan to create “SiteFinder,” which effectively hijacked “page not found” messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have been starting to do the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, by using Earthlink’s set up to show how it can be used by phishers to make pages look like they’re really on someone else’s domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP’s own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a “customer service” or to “improve their experience,” but that’s simply untrue. Such pages don’t help matters. If a page can’t be found, the user should be told that the page can’t be found. They can do a search on a search engine themselves to find the proper page.

Filed Under: , , ,
Companies: earthlink, verisign

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat”

Subscribe: RSS Leave a comment
Jake says:

Just as a minor point of clarification, the security risk in this case wasn’t actually from the practice itself, but from negligence on the part of the ad provider; they’d left the redirect sites open to hijack by phishers. Had someone at Barefruit know his arse from his elbow and/or cared enough to use a little common sense,this would be merely mildly irritating rather than a massive security risk.

AckAck says:

Re: Doesn't Internet Explorer do this?

The default behavior for IE is to perform a search from the address bar when it gets that response. Its not quite the same thing as it performs the search using the engine of your choosing (I believe since I’m using ie8 i could be wrong about IE7) if you’ve set up a different engine as your default search IE will use that engine instead. That is of course if your ISP doesn’t hijack it (I had to RE-OP-OUT of Roadrunner’s redirect program as it set itself to be my happy place again while I was testing for this reply…)

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...