IBM Seeks Patent On Typing-To-Speech In A Call Center

Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat

from the please-stop dept

Mon, Apr 21st 2008 9:01pm — Mike Masnick

Back in 2003, there was a huge mess over VeriSign's plan to create "SiteFinder," which effectively hijacked "page not found" messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have been starting to do the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, by using Earthlink's set up to show how it can be used by phishers to make pages look like they're really on someone else's domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP's own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a "customer service" or to "improve their experience," but that's simply untrue. Such pages don't help matters. If a page can't be found, the user should be told that the page can't be found. They can do a search on a search engine themselves to find the proper page.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hijacking, page not found, phishing, vulnerability
Companies: earthlink, verisign

11 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

LBD, 21 Apr 2008 @ 9:08pm

Gods
Those advertisement pages have always annoyed me. Makes it hard to tell if a page is dead, or WHAT.
[ link to this | view in thread ]
Jake, 21 Apr 2008 @ 10:14pm

Just as a minor point of clarification, the security risk in this case wasn't actually from the practice itself, but from negligence on the part of the ad provider; they'd left the redirect sites open to hijack by phishers. Had someone at Barefruit know his arse from his elbow and/or cared enough to use a little common sense,this would be merely mildly irritating rather than a massive security risk.
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2008 @ 10:18pm

OpenDNS anyone?
[ link to this | view in thread ]
Edward Bruce Williams, 21 Apr 2008 @ 10:59pm

Money Money Money
They get paid!

Monetize everything!

Money! Money! Money!

Who cares if it causes problems!

We get MONEY, no problem here.
[ link to this | view in thread ]
Edward Bruce Williams, 21 Apr 2008 @ 11:04pm

Re: OpenDNS
"bad domain names" - NXDOMAIN is what it is called, directs you to advertising on OpenDNS, BTW.

Anyway, I love them and use them myself, just clearing the record.
[ link to this | view in thread ]
Anonymous Coward, 21 Apr 2008 @ 11:52pm

The advertising on OpenDNS is why I stopped using it. Quite annoying.
[ link to this | view in thread ]
Scote, 22 Apr 2008 @ 1:16am

You should fix the dangling modifier in the title.
"Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat" makes it sound as if you think the domain highjacking does not exist.
[ link to this | view in thread ]
mike allen, 22 Apr 2008 @ 1:50am

ads
Ban them i spend a lot of time avoiding them even those damned annoying take our survey. rhat spring up covering the text i want to read i sometimes take them and lie through my teeth. ( or keyboard)
[ link to this | view in thread ]
oregonnerd, 22 Apr 2008 @ 9:38am

bad pages that once existed
Supposedly a page could never be taken down because of latency in the 'Net. So what happened??
--Glenn
[ link to this | view in thread ]
Brandon, 22 Apr 2008 @ 11:16am

Doesn't Internet Explorer do this?
Maybe I'm missing a setting somewhere, which is entirely possible, but when you type in an address to Internet Explorer that can't be found, it automatically sends you to Microsoft's Live search page, which isn't completely an ad site, but it does have sponsor sites.
[ link to this | view in thread ]
AckAck, 22 Apr 2008 @ 8:31pm

Re: Doesn't Internet Explorer do this?
The default behavior for IE is to perform a search from the address bar when it gets that response. Its not quite the same thing as it performs the search using the engine of your choosing (I believe since I'm using ie8 i could be wrong about IE7) if you've set up a different engine as your default search IE will use that engine instead. That is of course if your ISP doesn't hijack it (I had to RE-OP-OUT of Roadrunner's redirect program as it set itself to be my happy place again while I was testing for this reply...)
[ link to this | view in thread ]