UK controls Internet security

US just claims ownership
Mon Apr 21 2008, 08:54

A SERVER IN THE UK is all that stands in the way of a huge security exploit which is based on a cunning plan by the US' largest ISPs to make a buck out of punters who mistype web addresses.

IOActive security researcher Dan Kaminsky found the flaw and promptly warned Earthlink and its technology partner, a British ad company called Barefruit, who patched it.

However, he warned that the danger of the hack remains, as the entire security of the internet is now dependent on what he graciously dubbed some "random-ass server run by some British company".

Since 2006, Earthlink has intercepted Non-Existent Domain (NXDOMAIN) responses and instead returned the IP address of ad partner Barefruit's server in Blighty, which then serves a list of suggestions for the site the user actually wanted.

However, if Barefruit cannot find anything like a suitable site, you get an Earthlink/Barefruit ad in the browser.

Kaminsky claims this meant the whole operation was only as secure as Barefruit's servers, which weren't really secure at all. Its servers were vulnerable to a malicious JavaScript attack, so hackers could have crafted special links to unused subdomains of legitimate websites that would deliver any nasty content the hacker liked.

He said that, while Barefruit fixed the immediate JavaScript hole, the underlying problem is that ISPs should not be pretending to be sites that don't exist.
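One way to check whether your own recursive resolver rewrites NXDOMAIN in the manner described above, added here as an example that is not from the article or from any of the companies named in it: it queries a random label that cannot legitimately exist and inspects the raw reply, so an A record instead of RCODE 3 means the resolver is substituting an answer. The `probe` function, the resolver address, the `example.com` base and the two sample replies are assumptions constructed for illustration, not real captures.

```python
import secrets
import socket
import struct
HEADER = struct.Struct("!HHHHHH")  # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT

def build_query(name, qid=0x1234):
    """Plain A query with the RD bit set, as a stub resolver would send it."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return HEADER.pack(qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Offset just past a wire-format name; stops at the root label or a compression pointer."""
    while msg[off] and msg[off] < 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Return ('nxdomain'|'rewritten'|'other', [A IPs]); a random label can only be 'rewritten' by the resolver."""
    _, flags, qd, an, _, _ = HEADER.unpack_from(msg, 0)
    off = HEADER.size
    for _ in range(qd):
        off = skip_name(msg, off) + 4                      # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10                                          # TYPE, CLASS, TTL, RDLENGTH
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    rcode = flags & 0x0F
    if rcode == 3:
        return "nxdomain", ips
    return ("rewritten" if rcode == 0 and ips else "other"), ips

def probe(resolver, base="example.com", timeout=3):
    """Ask resolver (assumed IP) for a random label under base and classify the live reply."""
    name = f"{secrets.token_hex(8)}.{base}"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return classify(s.recv(512))

# Constructed replies to one query (not real captures), so the check also runs offline.
QUESTION = build_query("deadbeef.example.com")[HEADER.size:]
HONEST_REPLY = HEADER.pack(0x1234, 0x8183, 1, 0, 0, 0) + QUESTION    # RCODE 3 = NXDOMAIN
REWRITTEN_REPLY = (HEADER.pack(0x1234, 0x8180, 1, 1, 0, 0) + QUESTION  # RCODE 0, one A answer
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10"))
```

Running `probe` against the resolver handed out by your ISP and seeing `rewritten` with the same IP for several random labels is the signature of the substitution the article describes; switching to a resolver that returns `nxdomain` removes that dependency.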

Wired quoted DNS expert Paul Vixie, president of the nonprofit Internet Systems Consortium, who said the problem was not with the core Internet protocols, which he could fix, but with ISPs trying to make cash off certain DNS features.

Barefruit's Dave Roberts was quoted as saying that all it was doing was providing an improved Internet user interface by replacing unhelpful and confusing error messages with alternatives relevant to what the user was seeking. µ

Sources: L'Inq, Wired

Comments
customers who searched for _____ also might like _________

How are they getting through the security of the true hosts to the existing sub and similar-sounding domains, just because another ISP lists them as alternate options that 'you may also be interested in'?

If you're a domain jacker you'd already know how to get lists of similar names that are free, and find out unused sub domain names.

It makes it sound like they found a way to get the ISP listing the sites to host (or redirect to) jacked versions of them? In that case, only the ISP doing the listing is insecure, not the actual real sites.

But then if you mistyped a real site, and were taken to a page of alt options to it, you might actually then notice you'd mistyped it. Would you really go visit the alt options, and continue to not notice none of them were the site you were originally after?

Unused domains are a different story. Using those isn't threatening any security directly.

Or is this more about users being directed to visit dodgy sites - which again, isn't a threat to internet security directly (any more than visiting any other dodgy site is).

posted by: zupakomputer, 21 April 2008
Barefruit is one of the bigger internet Evils

I think we all agree that we don't want to see ad sites when we accidentally mistyped a URL. In most cases they don't offer what you searched for but what they want to sell to you. I sometimes lose some seconds of my online experience because I took some of these sites for real websites and did not realize my mistake. I like error messages more.

Well, they cannot send you to a spam site when the domain you typed isn't even registered. It's only possible when the domains are explicitly registered or if some subdomains are not used. In both cases the owner of the correct domain can do something against it. He could either warn the provider who registered the misspelling or sue him. And with every domain he has he should use a DNS tag with wildcards, that lets every subdomain translate to his main site. If he cannot control the DNS tags via a domain robot, he can call his provider to do so.
Every Owner of a website should do so to prevent exploitation of unused subdomains by the provider.

posted by: David Burkhardt, 21 April 2008
Chinese Whispers

What a brilliant piece of reporting Nick!

posted by: bowen, 21 April 2008