Skip

Feel our awesome naming fu
September 15, 2003 8:07 PM   Subscribe

Verisign modifies the infrastructure of the net to point back to themselves. Verisign has rigged all .com and .net mistyped domains to reroute to their branded search page. This makes them effectively the biggest cybersquatter on the net, and will make it impossible for most spam filters at the network level to operate as well as seriously complicating the lives of network administrators everywhere.
posted by dejah420 (64 comments total)

 
i've already expressed my disgust to comments(at)icann.org
posted by quonsar at 8:15 PM on September 15, 2003


I'll second that disgust.
posted by spilon at 8:19 PM on September 15, 2003


it doesn't have any advertising banners (yet). and does clearly point out that the site "was not found", which is better than one other mefi mistype squatter which says "click here for metafilter" and then sends you to a pay-per-click. but still, yeah sucks, i guess. if you can't type properly.
posted by carfilhiot at 8:22 PM on September 15, 2003


They make me sick. They also hang onto expired domains as long as they like, and then auction the best ones to the highest bidder. They're evil, I tell you.
posted by waxpancake at 8:24 PM on September 15, 2003


Good lord this sucks. This should not be allowed, because that's rather monopolistic.
posted by riffola at 8:34 PM on September 15, 2003


To: comments (at) icann.org
Subject: Verisign Unresolved Domain Hijacking
Date: Mon, 15 Sep 2003 22:28:48 -0400

Please stop these people. This is a monopolistic, greedy, unfair action.
What of all the other valid .com and .net registrars?

posted by quonsar at 8:42 PM on September 15, 2003


Here is the form for filing complaints about the top level registrars...of which Verisign is the biggest.

Whereas the mistyping thing is annoying and certainly problematic for some people, the bigger issue is how this devastates certain understood protocols of the net root.

For instance, all spam sent with forged envelope senders in .com or .net will go straight through existing spam filters which check for forged envelopes, increasing the amount of spam in many people's mailboxes.

Not only that, but they can harvest millions of email addresses from bounced domains which will now slide right into their databases. Also any misdirected mail can be returned to Verisign databases. Databases which are searchable by the feds...patriot act, doncha know.

The TOS which you "agree" to by merely ending up at their page...which they directed you to in the first place, usurps an extraordinary amount of rights. For example: it says that your sole remedy for anything they did wrong is to discontinue use of "The Verisign Services". So, by mistyping a domain name, you've entered into a legal agreement with Verisign. And the only way to get out of it is to not use the internet. It's so absurd it's damn near Kafkaesque.

It is an astoundingly arrogant display of a monopoly.
posted by dejah420 at 8:43 PM on September 15, 2003


My favorite part is that the main page for their new service has a basic cross site scripting security hole. Jon Postel would weep at the incompetence of the people entrusted with caring for the Internet these days.

Example Hack. Note that my post will appear to not make any sense after they fix this. :-)
posted by Voivod at 8:45 PM on September 15, 2003


gah. verisign is just too much.

i just checked one of my lesser domains and sure enough, when you misspell katgyrl.net as katgirl.net you get the verisign page. at least it gives links to the proper url, as well as my main site (kg.com).
posted by t r a c y at 8:53 PM on September 15, 2003


Along with SCO's Darl McBride, an unnamed leader of a superpower, anyone associated with RIAA, and a despot or two, I daresay the folk who manage Verisign need to be eliminated from this earth.

Life would be so much easier if there weren't so many assholes.
posted by five fresh fish at 9:00 PM on September 15, 2003


Can someone come up with a letter/email explaining the salient issues that can be sent to the appropriate "powers that be"?

Also, who would be the appropriate recipient of these complaints?
posted by dewelch at 9:01 PM on September 15, 2003


FFF, you took the words right outa my mouth. Verisign's abuses are legion, multitudinous and multifaceted. It's as if they feel compelled to keep topping themselves with greater levels of evil. Someday it's gonna catch up with 'em... somedaaayyyy....
posted by soyjoy at 9:08 PM on September 15, 2003


Isn't this the same kind of thing that Internet Explorer for Windows did? If it couldn't get to an address, it would dump you into a similar "we couldn't find it" page at MSN.
posted by MiG at 10:24 PM on September 15, 2003


Can someone come up with a letter/email explaining the salient issues that can be sent to the appropriate "powers that be"?

This is what I sent:

To Whom It May Concern:
As I'm sure you're aware, Verisign is now resolving all domain names regardless of whether the name resolves to an IP address.

This is a blantant abuse of the DNS system and I urge you to put a demand that Verisign put a stop to this immediately.
Sincerely,
-Brian Short

posted by bshort at 10:25 PM on September 15, 2003


put a
posted by bshort at 10:26 PM on September 15, 2003


MiG - that is a client action, taking place in the browser, and effects nobody else. this is an entirely different thing.
posted by quonsar at 10:34 PM on September 15, 2003


Not to mention that option could be turned off.
posted by bitdamaged at 10:41 PM on September 15, 2003


I'm so glad I recently quit a job that was 95% being ground up by Verisign and 5% an actual job.

They. Are. Evil.
posted by WolfDaddy at 11:47 PM on September 15, 2003


This breaks so many things. It will be hell on many spam filters, and on email verification scripts, not to mention the problems when search robots find bad links and don't get a nice error to tell them to stop. Will google's system of weeding out dead sites even work anymore? And when they fix it, what can they test for that will remain constant when verisign can change the record whenever they want?
posted by Nothing at 11:51 PM on September 15, 2003


There is a silver lining to all this; stupid "I'm feeling lucky" jokes:
We didn't find: "wmds-so-we-can-impeach-bush.net"
or having Versign decide what's for lunch!
Burger King or Subway
posted by X-00 at 12:16 AM on September 16, 2003


A simple misspelling of my domain name returns a list of possible matches, one (or two) of which are the websites of conspiracy theorist and professional whackjob David Icke, and none of which are mine.
posted by John Shaft at 12:18 AM on September 16, 2003


And on a less important note, there's the annoyance factor, because now when I make a typo I can't just fix the mistyped character in the address bar and hit enter to go to the right site.
posted by Nothing at 12:20 AM on September 16, 2003


Not to mention that option could be turned off.

It can? How?
posted by Witty at 12:36 AM on September 16, 2003


It can? How?

>format C: is generally acceptable...

also note: the concept of secondary MX is now entirely pointless due to this. 'scuse me whilst I go null-route 64.94.110.11.
posted by dorian at 1:55 AM on September 16, 2003


I tried three misspellings of my home domain, and was semi-relieved to see that only one (wendallwit) got grabbed by VeriSign, although it offered no alternatives to go to (certainly not my real site, but then I didn't register with them), while the other two (wendelwit and wendellwitt) got the normal "No page to display - Action cancelled" treatment. Which raises the question: if they've hijacked everything dot-com, why did they miss these?

BTW, X-00, www.in-and-out-or-fatburger.com didn't give me ANY choices...

format C: is generally acceptable...
No it's not, dorian. Sooner or later, he'll be back and you'll just end up with a 200-comment MetaTalk thread in your honor.
posted by wendell at 2:47 AM on September 16, 2003


point. ridiculously hot and humid here, can't sleep and I am cranky. the bizarre machinations of verislime are not helping either.

polite answer:
It can? How?
you can specify somewhere in the bowels of the IE options mumbo-gumbo, damned if I can remember where. "advanced" tab, maybe?

less-evil-yet-still-snarky answer:
It can? How?
install mojira or opera.
posted by dorian at 3:16 AM on September 16, 2003


bleh! screw you VeriSign. Here's to hoping that the important people take notice of your egregious abuse of your position. assholes

I remember when the Internet was fun, these guys were cheap and easy to get ahold of- and Slackware came on 40something floppies.

sigh :)
posted by shadow45 at 4:45 AM on September 16, 2003


Not all root-servers have had the wildcard zones added yet, so sometimes queries will still return failures. I assume this won't be for long, though knowing verisign's incompetence, anything is possible.
posted by fvw at 5:05 AM on September 16, 2003


Is there an easy hosts file addition that might render this evil benign?
posted by VulcanMike at 6:25 AM on September 16, 2003


Couldn't a simple script allow net users to add 64.94.110.11 to their HOSTS file ( a la blocking the doubleclick ads, etc.) and solve the problem?
posted by XQUZYPHYR at 6:29 AM on September 16, 2003


VulcanMike, XQUZYPHVR: No, the hosts file only does adds or overrides name -> address mappings. Also, neither the unix nor windows host file allows for adding 'does not resolve' entries.

The best that could happen is for someone to hack bind and the other DNS servers out there to reinterpret any result that ends up at 64.04.110.11 and ISPs to start using it. At least I think it'd be a good thing, as much as I hate mixing politics into technology.
posted by fvw at 6:36 AM on September 16, 2003


It sure would be nice if a .org wildcard could be added that pointed all misspellings to verisignoff.org, but someone forgot to renew the god dammed domain.
posted by machaus at 6:41 AM on September 16, 2003


So why do Verisign's marketing folks think they can get away with this when everyone with half a brain is already pissed off? Same as politics, I suppose. they're banking on the bulk of the population being idiots and saying, "Gee, when I type a bad URL I get a Verisign page. I guess they own the Web. Isn't that nice."

Now that's frightening.

BTW, thanks for your eloquent and clear explanation, Dejah.
posted by Shane at 6:46 AM on September 16, 2003


Put a face to the evil
posted by bonaldi at 8:52 AM on September 16, 2003


Why don't they simply change all DNS mappings to point to them? All verisign, all the time. At least on their own network. Then they can drown in their solipsism.
posted by namespan at 9:22 AM on September 16, 2003


Given the past government "investigations into alleged abuse, I should think Verisign could perform a marriage between Saddam and Osama and still get gifts from the US DoC.
posted by infowar at 10:40 AM on September 16, 2003


Snarky remark:
You mean you can type in adddresses? I thought that's what these linky things were for.
/Snarky remark

Serious comment:

How are they determining which non-existant domain names they serve there 'search' page to. My domain which has only a couple external links to them and a couple of links from it, serves up the standard "Cannot find server" page.

I'm so depressed ;(
posted by DBAPaul at 2:22 PM on September 16, 2003


s /them/it
posted by DBAPaul at 2:23 PM on September 16, 2003


It can? How?

From the menu bar, go to Tools > Internet Options. In the popup dialog, go to the Advanced tab. Scroll down to "Search from the Address Bar" and select "Do not search from the Address Bar."
posted by moonbiter at 2:53 PM on September 16, 2003


It's also overiding the search option from the new Google Toolbar -- although that still accepts single word mistakes.

I've tried a few mistypes for the hallowed domain ... metafylter, matafilter and matterfilter ... and the same thing happens.

Amusingly, mfilter is a real company, mkay ...
posted by feelinglistless at 4:25 PM on September 16, 2003


Thanks moonbiter. Nice try dorian, I'm not that retarded. :)
posted by Witty at 5:19 PM on September 16, 2003


ah, no harm no foul ;]
(my first comment was with the hope that you were, er, witty enough not to go and actually try it...thank jeebus this time did not end with the burning and the salt and the pain)
--
there's also an actual thing called milter.
posted by dorian at 7:14 PM on September 16, 2003


(Insert Fark HERO tag here)

Internet Software Consortium is releasing an emergency patch for their BIND software to cut off VeriSign's Site-Finder "service".

(Article from Wired News)
posted by cup at 9:42 PM on September 16, 2003


This doesn't solve the problem. Not even close. It's actually the wrong thing to do. Even if the BIND "fix" (the very concept is an egregious hack) were to be universally deployed by all network administrators, and the new feature enabled, it doesn't change the fact that Verisign is deliberately corrupting the entire domain name system for profit.

This change isn't nearly enough, and it's wrong that they should have to do it. The Verisign action must be reversed. If ICANN doesn't step in then they have abrogated their responsibilities and should be disestablished and replaced with someone willing to do their job. The only responsible thing to do now is to take the gTLD root servers away from Verisign, permanently.
posted by George_Spiggott at 11:42 PM on September 16, 2003


also, running BIND is only tolerable with large doses of crack (and a chroot jail, of course...)
posted by dorian at 8:49 AM on September 17, 2003


One good idea I heard is that if you've spam confirmed by it not being in the lookup tables (ie. you get the Verisign search page on the address-check), send it to one of the Verisign email addresses. They've claimed ownership of the domain, so they should get the mail...
posted by five fresh fish at 10:25 AM on September 17, 2003


If you're curious, I spent some time decoding the javascript at the bottom of the verisign search pages. (blogged about it here)

Basically they put an image bug on the page, and through a company called omniture, gather up all your public information with the javascript, (Browser/OS, screen depth, resolution, browser dimensions, referer, attempted domain, number of suggested domains, etc), and call that image from omniture, thereby allowing them (omniture and verisign) to log your info, and gather statistics which they can potentially benefit from later (like selling robust statistical information about average browsers to clients).

The thing that burns me is that it's involuntary - It's not enough if you avoid clicking their links, they already grabbed some info from you when you entered their page (probably accidentally). I don't much mind letting companies like TiVo or Amazon gather info from me, since I know that's part of the deal, and I voluntarily use their service, but when it's not voluntary.... grrr.
posted by kokogiak at 11:06 AM on September 17, 2003


How are they determining which non-exist[e]nt domain names they serve [their] 'search' page to[?]

All non-existent domains ending in .com and .net get the search page.

My domain which has only a couple external links to them and a couple of links from it, serves up the standard "Cannot find server" page.

That would be because your domain exists, obviously.
posted by kindall at 11:57 AM on September 17, 2003


Is there an easy hosts file addition that might render this evil benign?

i added this line to my hosts file: 127.0.0.1 sitefinder.verisign.com and it's working well in terms of verisign no longer overriding my regular search feature (google).
posted by t r a c y at 12:13 PM on September 17, 2003


a good step to getting rid of the verisign monopoly is to start using opennic:

you can use it strictly as an everyday end user. or if you are some sort of nameserver.

anyone who has any kind of fileserver/router/&c. box at home, I recommend to run a local caching nameserver...it will speed up even simple things like browsing, and makes using opennic quite easy.

I have been using djbdns for a while, but to be honest I did not switch over to opennic until today, a direct result of this little fiasco.

(djbdns also has a patch floating around, but I've not tried it yet...)
posted by dorian at 12:17 PM on September 17, 2003


I tried opennic yesterday, and they were propagating the Verisign wildcard for nonexistent domains in the .com and .net space same as everyone else, so no help there. Maybe they'll run the bind patch.

If you run linux or have a linux gateway, a quick fix until the patches come out and stabilize is to add

route add -host 64.94.110.11 reject

to its startup scripts. This results in a "connection refused" error rather than NXDOMAIN but it'll serve most purposes for the short term.
posted by George_Spiggott at 1:19 PM on September 17, 2003


yeah opennic has to be transparent to lookups on the "real" internet (for now). so using opendns is not an actual solution to this specific verisign foolishness.

however, using opennic (or the like) will help lead toward the goal of moving away from such a monolithic thing as verisign.

solving the problem in general (or at least making a decent start) is much more satisfying to me.

metafilter.bbs anyone?
posted by dorian at 1:39 PM on September 17, 2003


kindall: "All non-existent domains ending in .com and .net get the search page."

I should have typed slowly for the reading impaired. What I meant was that I tried entering several incorrect spellings of my .com domain name that I verified (via whois) did not exist and I received the standard "Cannot find server" page.

My original question stands, your original answer sucked.
posted by DBAPaul at 2:40 PM on September 17, 2003


received the standard "Cannot find server" page

I would hazard to guess that the verisign, er, goodness simply has[had?] not entirely propagated itself 'round your way yet. the very nature of DNS changes means that they are not instant. don't worry, it will catch you up soon. unless of course your ISP (or some level of upstream) have already patched its nameservers vs. verisign, now that would be a splendid thing!

on the plus side, I have gone ahead and patched djbdns and it is now happily ignoring the following idiots:

*.ac 194.205.62.122
*.cc 206.253.214.102
*.com 64.94.110.11
*.cx 219.88.106.80
*.museum 195.7.77.20
*.net 64.94.110.11
*.nu 64.55.105.9
*.nu 212.181.91.6
*.ph 203.119.4.6
*.sh 194.205.62.62
*.tm 194.205.62.62
*.ws 216.35.187.246
posted by dorian at 3:38 PM on September 17, 2003


I should have typed slowly for the reading impaired.

Sorry I couldn't read your mind and instead had to resort to reading what you actually wrote! My bad.
posted by kindall at 5:44 PM on September 17, 2003


You might be interested in the Verisign Typosquatter Explorer just posted to Slashdot.
posted by arto at 10:34 PM on September 17, 2003


kindall, don't be an ass. I, for one, understood immediately what DBAPaul was saying. Your answer made no sense in terms of what he said - even if one assumes, as you apparently did, that DBAPaul is a moron, if he was typing in his domain name correctly, and it exists, why would he get 'the standard "Cannot find server" page' as he said?
posted by soyjoy at 8:48 AM on September 18, 2003


Verisign says they are not backing down, and has the gall to utter this: " O'Shaughnessy said the service has been embraced by end users. 'We've seen nothing but very positive results from the Internet community," he said. "Usage is extraordinary. Both individual users and enterprises are giving very positive feedback.' "
posted by kokogiak at 11:00 AM on September 18, 2003


I'm stunned that one organization has the ability to pull this off.
posted by crunchland at 11:22 AM on September 18, 2003


kokogiak: holy crap! my favorite part is where he lies^Wclaims that they are not in violation of any RFCs.

here's hoping that NANOG et al will be patching their BIND instances sometime soon.
posted by dorian at 12:00 PM on September 18, 2003


"O'Shaughnessy said the service has been embraced by end users..."

What is the service exactly? Is it that it will show you what the most likely domains names are to the one you mistakenly typed in? I'd hardly call that a service.
posted by Witty at 12:47 AM on September 19, 2003


Uh oh, while searching for something pirate related, I find a fake verisign domain as second hit on Google. I wont link http://heilbronnpirates.com/.
posted by dabitch at 5:52 AM on September 19, 2003


(Fake Verisign domain? Does this mean Verisign's pride and arrogance has opened up an opportunity for a hacker to hack into Verisign's servers and replace the present search page with something that could infect anyone happening upon the page with a worm? Or am I just being both paranoid and ignorant?)

I for one believe we should embrace our Verisign overlords. In the spirit of good will, perhaps we should help Verisign come up with a neato keen advertising slogan that they can put on all these search pages to better utilize this brand publicity opportunity. To that end I offer my suggestions:
  • "Verisign - You Deserve A Rape Today."
  • "Verisign - We're the Anti-Christ!"
  • "Verisign - Where you wanna go today? TOUGH!"
  • "Verisign - Not only did we invent the Internet, we gave birth to Al Gore!"
  • "Verisign - Be nice to us or we'll hit the off switch."
  • "Verisign - We're just asking to be jacked off by hackers."
  • "Verisign - Pop up and banner free for the next ninety minutes or so."
  • "Verisign - You're Not In Good Hands."
  • "Verisign - Don't like what we're doing? Stop using the Internet."
Within a few months, Verisign will be a household name. Right up there with Enron and Haliburton! We should be proud little lemmings!

Be seeing you.
posted by ZachsMind at 2:13 PM on September 21, 2003


FWIW, the complaints to ICANN seem to be generating some results....
posted by soyjoy at 9:59 AM on September 22, 2003


« Older Ken Kifer Killed by drunk driver   |   Federal Appeals Court Delays California Recall Newer »


This thread has been archived and is closed to new comments



Post