Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat
from the please-stop dept
Back in 2003, there was a huge mess over VeriSign's plan to create "SiteFinder," which effectively hijacked "page not found" messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have started doing the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, using Earthlink's setup to show how phishers can use it to make pages look like they're really on someone else's domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP's own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a "customer service" or to "improve their experience," but that's simply untrue. Such pages don't help matters. If a page can't be found, the user should be told that the page can't be found. They can do a search on a search engine themselves to find the proper page.
Filed Under: hijacking, page not found, phishing, vulnerability
Companies: earthlink, verisign
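A quick way to check whether the resolver you are using rewrites non-existent-domain answers, as an added example (not from the original post): it looks up random names that should not exist, including names under the reserved `.invalid` TLD, and reports any that come back with an address. The function names are illustrative, and the resolver is injectable so the check can be exercised without network access.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Resolve through the OS resolver; return a set of addresses, empty if none."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()  # resolution failed, which is the honest answer here
    return {info[4][0] for info in infos}


def probe_names(count=4, suffixes=("invalid", "com")):
    """Random 24-hex-character labels, so the names should not exist anywhere.

    The trailing dot makes each name fully qualified, so a local search
    domain is not appended and cannot produce a misleading answer.
    """
    return [f"{secrets.token_hex(12)}.{s}." for s in suffixes for _ in range(count)]


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Look up names that should not exist and report any that got an address."""
    names = names if names is not None else probe_names()
    answered = {}
    for name in names:
        addrs = resolve(name)
        if addrs:
            answered[name] = addrs
    # An address shared by several unrelated random names points at a
    # single landing server rather than real records.
    seen = Counter(a for addrs in answered.values() for a in addrs)
    return {
        "probed": len(names),
        "answered": sorted(answered),
        "landing_addresses": sorted(a for a, n in seen.items() if n > 1),
        "rewriting_suspected": bool(answered),
    }


if __name__ == "__main__":
    report = check_nxdomain_rewriting()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it once against the ISP-assigned resolver and once against any alternative resolver you are considering; names under `.invalid` that resolve are unambiguous, since that TLD is reserved and never delegated.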
Reader Comments
Gods
[ link to this | view in thread ]
Money Money Money
Monetize everything!
Money! Money! Money!
Who cares if it causes problems!
We get MONEY, no problem here.
[ link to this | view in thread ]
Re: OpenDNS
Anyway, I love them and use them myself, just clearing the record.
[ link to this | view in thread ]
You should fix the dangling modifier in the title.
[ link to this | view in thread ]
ads
[ link to this | view in thread ]
bad pages that once existed
--Glenn
[ link to this | view in thread ]
Doesn't Internet Explorer do this?
[ link to this | view in thread ]
Re: Doesn't Internet Explorer do this?
[ link to this | view in thread ]