| At Large Membership and Civil Society Participation in ICANN |
|
|
|
|
|
Avast, Earthlink
posted by tbyfield on Thursday April 24 2008, @08:34PM
Ryan Singel, writing for WiReD's Threat Level weblog (can we please go back to that term?), reports on yet another dubious innovation that's part typosquatting, part phishing:
[S]tarting in August 2006, Earthlink instead intercepts that Non-Existent Domain (NXDOMAIN) response and sends the IP address of ad-partner Barefruit's server as the answer. When the browser visits that page, the user sees a list of suggestions for what site the user might have actually wanted, along with a search box and Yahoo ads.
The rub comes when a user is asking for a nonexistent subdomain of a real website, such as http://webmale.google.com, where the subdomain webmale doesn't exist.... In this case, the Earthlink/Barefruit ads appear in the browser....
It gets worse:
[S]ubdomains are only as secure as Barefruit's servers, which turned out to be not very secure at all. Barefruit neglected basic web programming techniques, making its servers vulnerable to a malicious JavaScript attack. That meant hackers could have crafted special links to unused subdomains of legitimate websites that, when visited, would serve any content the attacker wanted.
The hacker could, for example, send spam e-mails to Earthlink subscribers with a link to a webpage on money.paypal.com. Visiting that link would take the victim to the hacker's site, and it would look as though they were on a real PayPal page.
Paul Vixie politely describes this as a "problem exacerbated by inappropriate monetization of certain DNS features." And if the Pentagon distorted GPS signals to bidders on a first-come, first-served basis—say, off the Somalian coast or in the Strait of Malacca—that would be "an inappropriate monetization of certain GPS features."
Unfortunately, the problem isn't limited to Earthlink.
|
|
|
|
|
[ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]
|
|
| |
|
This discussion has been archived.
No new comments can be posted.
|

Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their
respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com
|