Blocking VeriSign global web hijack

ReadyOne

If you mistype a web address (or a web page has a bad address in a link), the bad request is now being intercepted by Verisign and redirected to their website.

What happens is that a request to a Domain Name Server goes out on the internet from your computer whenever a name needs to be turned into an IP address. All the "top level" DNS machines in the internet will get the request to look up the word before the ".com" or ".net" or ".tw" or whatever ends the name.

Verisign operates a top level DNS machine under authority of ICANN, so they see every request in the world that isn't resolved, and instead of answering "no address found", they answer with the address of their portal site. It's like using the telephone and never getting a "this number is not in service" message -- instead you get connected to a telemarketer.


This is a good article about what's going on. I've extracted the fix from it.

http://www.spywareinfo.net/sep24,2003#verisign


Blocking Verisign's Hijack

Most ISPs have applied the BIND patch to block Verisign's hijacking. If your ISP has not done this, then your privacy is at grave risk from Verisign. If you end up at Verisign's search portal when you mis-type a domain, then you need to contact your ISP immediately and ask them to apply the patch as soon as possible.

You can also block this web site yourself with these very simple steps posted by mjc at the SWI message boards.

Add the following to your HOSTS file:

127.0.0.1 sitefinder.Verisign.com #Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.Verisign.com #Block Verisign SiteFinder

If you have Windows 95, 98, or ME, your HOSTS file is located at C:\windows\HOSTS. If you have NT or 2000, your HOSTS file is located at c:\winnt\system32\drivers\etc\HOSTS. If you have XP, the file is at c:\windows\system32\drivers\etc\HOSTS.

This will block most, if not all of the redirects.

If you have a firewall that allows IP blocking you can add the following IPs to its blocklist.

12.158.80.10
64.94.110.11

Block traffic to those IP addresses in both directions and in all applications and protocols.
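
An added example (not part of the original post or the quoted article): a small Python check that the two HOSTS entries above are actually active. The function names and the sample file content are hypothetical and constructed for illustration; it assumes the first entry for a name wins.

```python
import ipaddress

# Hostnames from the post; DNS names are case-insensitive, so compare lowercased.
SITEFINDER_HOSTS = ("sitefinder.verisign.com", "sitefinder-idn.verisign.com")

def parse_hosts(text):
    """Map each hostname in HOSTS-file text to the first address listed for it."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop inline and full-line comments
        if len(fields) < 2:
            continue                            # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: line ignored
        for name in fields[1:]:                 # one line may carry several aliases
            # Assumption: the first entry for a name wins, later ones are ignored.
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def audit(text, required=SITEFINDER_HOSTS):
    """Return {hostname: 'blocked' | 'missing' | 'maps to <addr>'}."""
    table = parse_hosts(text)
    report = {}
    for name in required:
        addr = table.get(name)
        if addr is None:
            report[name] = "missing"
        elif addr.is_loopback or addr.is_unspecified:
            report[name] = "blocked"
        else:
            report[name] = f"maps to {addr}"
    return report

# Constructed sample HOSTS content (not taken from a real machine).
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1 sitefinder.Verisign.com #Block Verisign SiteFinder
# 127.0.0.1 sitefinder-idn.Verisign.com   (commented out, so not active)
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

To check a real machine, pass the contents of the HOSTS file at the path given above for your Windows version to `audit()`.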
 
So are they dumping spyware on your computer if you end up at their portal? Otherwise I really don't see what the big deal is.

If all they're doing is taking up misspelled domains and directing them to their portal, that's evilly brilliant marketing, not the end all of the internet.
 
Their action has broken countless millions of spam filters, networking tools, and blocked all competing error page redirection services. Verisign has become the ultimate browser hijacker.

Privacy activist Richard Smith has announced that he has discovered a web bug embedded in the page on which surfers land when they mis-type a web address. This web bug, set by internet advertising company Overture, sets a cookie and can be used to track surfers for five years before it expires.

It is possible that Verisign could correlate surfers' IP addresses with those cookies and potentially could identify people with whom they have business relationships. Verisign holds digital certificates for two million individual certificate holders and has access to those customers' personally identifiable information.
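
An added example (not part of the thread): one way a spam filter or network tool that depends on "no such domain" answers can compensate for a wildcard at the TLD, by probing with random names and discounting whatever address they all come back with. `probe_wildcard`, `name_exists` and `fake_resolve` are hypothetical names; the resolver data is constructed, using an address from the blocklist in the first post as the wildcard answer.

```python
import secrets

def probe_wildcard(resolve, tld, probes=3):
    """Return the addresses a TLD answers with for names that cannot exist.

    resolve(name) -> list of address strings, empty list for "no such domain".
    """
    common = None
    for _ in range(probes):
        label = secrets.token_hex(16)       # random 32-char label, assumed unregistered
        answers = frozenset(resolve(f"{label}.{tld}"))
        if not answers:
            return frozenset()              # honest "not found": no wildcard in play
        common = answers if common is None else common & answers
    return common

def name_exists(resolve, name, wildcard_addrs):
    """True only if the name resolves to something other than the wildcard."""
    return bool(set(resolve(name)) - set(wildcard_addrs))

# Constructed stand-in for a real resolver so the example runs offline.
REGISTERED = {"example.com": ["192.0.2.10"]}
WILDCARD_TLDS = {"com": ["64.94.110.11"], "net": ["64.94.110.11"]}

def fake_resolve(name):
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return REGISTERED[name]
    # Unregistered names get the wildcard answer under .com/.net, nothing elsewhere.
    return WILDCARD_TLDS.get(name.rsplit(".", 1)[-1], [])

if __name__ == "__main__":
    wild = probe_wildcard(fake_resolve, "com")
    for domain in ("example.com", "exmaple.com"):
        verdict = "exists" if name_exists(fake_resolve, domain, wild) else "does not exist"
        print(domain, verdict)
```

A host that really lives at the wildcard address would be reported as nonexistent, which is the trade-off of this approach.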
 
ESH419 said:
So are they dumping spyware on your computer if you end up at their portal? Otherwise I really don't see what the big deal is.
They are.

"This certainly means the culling of some information", said Smith. "They're getting a sense of what domain names are mistyped, and perhaps this can be used by a domain name sales company. In addition, Overture is a pay for click search engine, with questionable affiliates."
 
The simplest solution would be to be sure you're not mistyping the url :)
 
"This certainly means the culling of some information", said Smith. "They're getting a sense of what domain names are mistyped, and perhaps this can be used by a domain name sales company.

Same thing happens when you use a credit card. Companies sell demographic information all the time. It's nothing new. I used to work for Sears and when you used your card there they'd take what kind of card, brands you purchased, what types of products you purchased and all that kind of stuff and correlate it with your personal information. You don't just think Sears would take your name and address for deliveries? I remember customers having old addresses over 5 years old in the store's nationwide computer system.

Hell, I wouldn't be surprised if Sears bought up the demographic information from whatever the "web hijackers" are. I'm telling you, it's nothing more devious than any other corporation's tactics. These 'hijackers' are just evilly brilliant. I wish I thought of it first.

You think whitehouse.com didn't take that domain on purpose to catch people trying to go to whitehouse.gov?
 
The problem is they are making a financial profit by selling advertising space on a service supported by property owned by the Internet community.

VeriSign does not own the .com and .net TLDs; they are allowed to operate them with the blessing of ICANN, who is charged with the oversight of IP address and .com and .net TLD management.

It comes down to they are using someone else's property (ours) to make money, and in the process they have broken dozens of security procedures and official Internet standards. The bottom line is this is unacceptable.

ICANN has asked VeriSign to take SiteFinder down, VeriSign refused, GoDaddy and several other companies are suing them, and ICANN is reviewing the decision. It is possible VeriSign will lose .COM and .NET management, but more than likely they will be threatened with losing it, at which point they will take down SiteFinder.

If they were using their own property to make money with it would be good business sense but unfortunately this is not the case here and they are doing unmeasurable harm to the Internet itself.
 
ESH419 said:
Same thing happens when you use a credit card. Companies sell demographic information all the time. It's nothing new. I used to work for Sears and when you used your card there they'd take what kind of card, brands you purchased, what types of products you purchased and all that kind of stuff and correlate it with your personal information. You don't just think Sears would take your name and address for deliveries? I remember customers having old addresses over 5 years old in the store's nationwide computer system.

Hell, I wouldn't be surprised if Sears bought up the demographic information from whatever the "web hijackers" are. I'm telling you, it's nothing more devious than any other corporation's tactics. These 'hijackers' are just evilly brilliant. I wish I thought of it first.

You think whitehouse.com didn't take that domain on purpose to catch people trying to go to whitehouse.gov?

True, but these guys, besides taking advantage of property they don't own, are also causing spam filters to break and causing net admins a lot of headaches (as mentioned before). Plus let's not forget all the bandwidth they're wasting.
I guess a good non geek-speak analogy would be this.
Think of these guys as the guardians of a trust fund. Instead of taking care of the trust fund they decided to make money off it for themselves at the expense of the trustee.
 
ESH419 said:
Same thing happens when you use a credit card. Companies sell demographic information all the time. It's nothing new. I used to work for Sears and when you used your card there they'd take what kind of card, brands you purchased, what types of products you purchased and all that kind of stuff and correlate it with your personal information. You don't just think Sears would take your name and address for deliveries? I remember customers having old addresses over 5 years old in the store's nationwide computer system.
Sears tracks what I do at Sears.

But what if the credit bureau watched the bank charge network and saw the details of every sale everybody in the world made using a credit or debit card?

Take the information they already have, merge the two, and people (even including the government!!!) would pay handsomely.

Fortunately, it's not legal for them to do that kind of stuff due to the Fair Credit Reporting Act and amendments.

That's what VeriSign is effectively doing. Their certificate database is like the credit records (name, address, etc.). Watching the web for bad addresses is like watching the bank authorization network.

Unfortunately, there's no law about VeriSign doing it.
 
From CNN.com - VeriSign shuts down Web site finder - Friday, October 3, 2003

SAN FRANCISCO (Reuters) -- Web address provider VeriSign Inc. said on Friday it would suspend a controversial new service that steers mistaken Web searches to its own page after the organization that oversees Internet policies demanded it do so.

Earlier on Friday, the Internet Corporation for Assigned Names and Numbers issued a statement insisting that VeriSign halt its SiteFinder service and restore the ".com" and ".net" Web domains to the way they were before Sept. 15, when VeriSign began the service.

ICANN gave VeriSign until 6 p.m. PDT to comply with the request or face sanctions for violating its contract with ICANN.

"We will accede to the request while we explore all of our options," VeriSign spokesman Tom Galvin told Reuters.

VeriSign has defended its move, saying it was providing a convenience to Internet users who previously received an error message. The SiteFinder service directs searches for Web addresses that have been mistyped or not registered to a page that includes pay-for-placement topic links.

But Internet users, network administrators and rivals have cried foul, claiming VeriSign overstepped its authority.

"There have been widespread expressions of concern about the impact of these changes on the security and stability of the Internet," ICANN said in its statement.

SiteFinder is rendering spam filters ineffective, adversely affecting other automated Web tools and services and creating a single point of failure "that is likely to be attractive to deliberate attacks" and raising serious privacy issues, according to ICANN.

VeriSign's activation of SiteFinder is "not consistent" with its contract to serve as the main database keeper of all addresses in the ".com" and ".net" domains, ICANN added.

With the service, VeriSign is violating the contract's code of conduct and equal access obligations and failing to act as a neutral registry service provider, among other things, ICANN said.

Galvin said ICANN was using "anecdotal and isolated issues to attempt to regulate non-registry services, but in the interests of further working with the technical community, we will temporarily suspend SiteFinder."

Thwarting efforts such as providing new services will hinder innovation on the Internet, he added.

At least three lawsuits by other Internet companies have been filed against VeriSign over the service.

ICANN previously asked VeriSign to suspend the service, but VeriSign instead said it would form an advisory panel.

VeriSign is not the first registry to test or implement a so-called "redirect" service. But its service impacts the majority of Web searches, as opposed to addresses ending in other domains, such as .biz.

VeriSign's SiteFinder service has been used more than 40 million times by Internet users in just over two weeks, Galvin said.
 