Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat

from the please-stop dept

Back in 2003, there was a huge mess over VeriSign's plan to create "SiteFinder," which effectively hijacked "page not found" messages online and inserted advertising instead. This also broke a bunch of online services that relied on accurate page not found messages. Eventually, VeriSign backed down, but over the last couple of years, ISPs have started doing the same thing on their own at a slightly different level in the process. However, some security researchers have demonstrated just how dangerous this can be, using Earthlink's setup to show how phishers can use it to make pages look like they're really on someone else's domain. This particular hole has been patched, but it does demonstrate some of the unintended problems of hijacking a widely accepted standard behavior on the internet for the ISP's own purposes. The ISPs (including Earthlink in this case) always claim that they put up these ad pages as a "customer service" or to "improve their experience," but that's simply untrue. Such pages don't help matters. If a page can't be found, the user should be told that the page can't be found. They can do a search on a search engine themselves to find the proper page.
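One way to check whether a resolver substitutes its own answers for missing domains is to query random names that cannot exist and inspect each reply's RCODE and answer section. The sketch below is an added example, not part of the original post; the probe names, the 192.0.2.10 address and the reply packets are constructed sample data standing in for real resolver traffic.

```python
import struct

def skip_name(pkt, off):
    """Step over an encoded domain name (labels or a compression pointer)."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_reply(pkt):
    """Return (rcode, [IPv4 addresses in the answer section])."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(".".join(map(str, pkt[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs

def substituted_addresses(replies):
    """Addresses a resolver handed back for names that cannot exist.
    An honest resolver answers RCODE 3 (NXDOMAIN), so the result is empty."""
    seen = set()
    for pkt in replies:
        rcode, addrs = parse_reply(pkt)
        if rcode == 0:                         # NOERROR where NXDOMAIN was due
            seen.update(addrs)
    return sorted(seen)

def build_reply(name, rcode, addr=None):
    """Constructed sample reply (not captured traffic)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    hdr = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    ans = b""
    if addr:
        ans = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
               + bytes(map(int, addr.split("."))))
    return hdr + q + struct.pack("!HH", 1, 1) + ans

PROBES = ["zq8v1k4xw7.example", "m3t9r2b6yd.example"]   # constructed random labels
HONEST = [build_reply(n, 3) for n in PROBES]
REWRITING = [build_reply(n, 0, "192.0.2.10") for n in PROBES]
```

Several unrelated random names resolving to the same address is the signature of a rewriting resolver; software that depends on NXDOMAIN should be pointed at a resolver for which this list stays empty.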

Filed Under: hijacking, page not found, phishing, vulnerability
Companies: earthlink, verisign


Reader Comments

  • LBD, 21 Apr 2008 @ 9:08pm

    Gods

    Those advertisement pages have always annoyed me. Makes it hard to tell if a page is dead, or WHAT.

  • Jake, 21 Apr 2008 @ 10:14pm

    Just as a minor point of clarification, the security risk in this case wasn't actually from the practice itself, but from negligence on the part of the ad provider; they'd left the redirect sites open to hijack by phishers. Had someone at Barefruit known his arse from his elbow and/or cared enough to use a little common sense, this would be merely mildly irritating rather than a massive security risk.

  • Anonymous Coward, 21 Apr 2008 @ 10:18pm

    OpenDNS anyone?

    • Edward Bruce Williams, 21 Apr 2008 @ 11:04pm

      Re: OpenDNS

      "bad domain names" - NXDOMAIN is what it is called, directs you to advertising on OpenDNS, BTW.

      Anyway, I love them and use them myself, just clearing the record.

  • Edward Bruce Williams, 21 Apr 2008 @ 10:59pm

    Money Money Money

    They get paid!

    Monetize everything!

    Money! Money! Money!

    Who cares if it causes problems!

    We get MONEY, no problem here.

  • Anonymous Coward, 21 Apr 2008 @ 11:52pm

    The advertising on OpenDNS is why I stopped using it. Quite annoying.

  • Scote, 22 Apr 2008 @ 1:16am

    You should fix the dangling modifier in the title.

    "Non-Existent Domain Hijacking Not Just Annoying, But A Security Threat" makes it sound as if you think the domain hijacking does not exist.

  • mike allen, 22 Apr 2008 @ 1:50am

    ads

    Ban them. I spend a lot of time avoiding them, even those damned annoying "take our survey" ones that spring up covering the text I want to read. I sometimes take them and lie through my teeth (or keyboard).

  • oregonnerd, 22 Apr 2008 @ 9:38am

    bad pages that once existed

    Supposedly a page could never be taken down because of latency in the 'Net. So what happened??
    --Glenn

  • Brandon, 22 Apr 2008 @ 11:16am

    Doesn't Internet Explorer do this?

    Maybe I'm missing a setting somewhere, which is entirely possible, but when you type in an address to Internet Explorer that can't be found, it automatically sends you to Microsoft's Live search page, which isn't completely an ad site, but it does have sponsor sites.

    • AckAck, 22 Apr 2008 @ 8:31pm

      Re: Doesn't Internet Explorer do this?

      The default behavior for IE is to perform a search from the address bar when it gets that response. It's not quite the same thing, as it performs the search using the engine of your choosing (I believe; since I'm using IE8, I could be wrong about IE7). If you've set up a different engine as your default search, IE will use that engine instead. That is, of course, if your ISP doesn't hijack it (I had to RE-OPT-OUT of Roadrunner's redirect program, as it set itself to be my happy place again while I was testing for this reply...)
