Slashdot Mirror

← Back to Stories (view on slashdot.org)

Resolving Everything: VeriSign Adds Wildcards

Posted by ryuzaki0 on from the gotcha dept.

DragonHawk writes "As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising." Read on below for some more information.

"(VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.)

This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time.

Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless.

VeriSign has published white papers about their implementation and also made some recommendations."

39 of 1,291 comments (clear)

  1. But... by Anonymous Coward · · Score: 2, Funny

    according to this "soemcompany.com" isn't wrong.

  2. Strike Back with Poor Typing by nightsweat · · Score: 3, Funny
    As a Denial of Service Attack Iwill continue to manually type domain names and not take typing classes.

    I oughta be able to bring em to their knees in a day or two.

    --

    the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
    1. Re:Strike Back with Poor Typing by Jeffrey+Baker · · Score: 2, Funny

      Ah, that does make sense. It also allows VeriSpam to harvest misspelled email addresses ;)

    2. Re:Strike Back with Poor Typing by bigberk · · Score: 2, Funny
      Seems like not answering to port 25 would fulfill all your mail rejection needs.

      What are you, crazy? You're saying that if no service exists at an address then nothing should be returned? You obviously don't have a business degree and don't work for Verisign. Returning nothing would clearly waste valuable potential for new business.

  3. Verisign just DDOSed itself by diamond0 · · Score: 3, Funny

    Verisign just DDOSed itself by redirecting untold numbers of spam bounces to a single IP. Good job, guys!

    --

    --
    There is no hatred more pure and true than that expressed by children.
    1. Re:Verisign just DDOSed itself by etcshadow · · Score: 2, Funny

      You didn't hear it from me, but...

      Go to any machine you have a login on and:

      while true; do for i in 1 2 3 4 5 6 7 8 9 0; do wget -O /dev/null `head -c 30 /dev/urandom | perl -pe 's/[^a-zA-Z]//ig'`.com >& /dev/null & done; echo -n . ; sleep 1; done

      If you don't have wget, be creative. Substitute curl, maybe. Or mail. They're totally asking for it.

      Of course, I'm not *actually* advocating a voluntary distributed denial of service attack against this unbelievable bullshit. That would be irresponsible. Shame on anyone for thinking of it. ;-)

      --
      :Wq
      Not an editor command: Wq
  4. Is it just me? by Anonymous Coward · · Score: 2, Funny

    Or is this a bit of a coincidence given story

    sreb

  5. Re:wonder of wonders by Anonymous Coward · · Score: 5, Funny

    It is not that bad. At least if you enter "Verisign sucks big donkey balls", two of the three first results are from Slashdot.

  6. wahts the porelbm? by yali · · Score: 4, Funny

    For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake...

    What do you mean, "by msiatke"?

  7. I'd rather resolve to goatse.cx by Anonymous Coward · · Score: 0, Funny

    oh wait a minute....

    no i don't.

  8. Re:How can we undo this? by Anonymous Coward · · Score: 5, Funny

    Anyone have any information on whom to contact to put an end to this absurdity?

    I think you mean Commander Taco. Or were you talking about that dns thing?

  9. My Rights! My Rights! by Alex+Pennace · · Score: 2, Funny

    Help!

    VeriSign has taken over www.lksdjglkjdslkjg44.com! This infringes on my trademark, which I have been using since 21:31 EDT. Unless VeriSign transfers that domain to me, for free, I'll sue!

  10. This is what happens Larry... by MrPerfekt · · Score: 4, Funny

    when you fuck an RFC in the ass. *baseball bat on car headlight*

    --
    I just wasted your mod points! HA!
  11. But we can't hate them... by ShawnD · · Score: 3, Funny

    They are running Linux.

    Just a little humour...

  12. Re:wonder of wonders by mosch · · Score: 5, Funny

    Actually, the verisign search seems to be pretty good. A search for FUCK VERISIGN returns a slashdot article about verisign sending out deceptive domain renewal mail as the second result.

  13. BANZAI!!! Self-DoS Attack of Ownage by Cordath · · Score: 3, Funny

    This is one helluva of a way to drum up traffic, so I'd be curious to know what kind of steroid-pumped uber-server and fat petabyte pipe they plan to run their site on. Personally, I suspect the ad page will be taken down by Verisign themselves when they smell smoke coming from the server room and see their sysadmin's running around naked on the front lawn while tearing out their hair and screaming "SWEET MOTHER OF SMEGMA, MAKE THEM STOP!!!".

  14. Re:Agreement by typo. by flatt · · Score: 2, Funny

    3. COST OF THE VERISIGN SERVICES.
    The Verisign Service(s) are provided to you free of charge.

    I can't wait under they start charging for this wonderful service.

  15. Re:Now let's see by DA-MAN · · Score: 2, Funny

    I believe you are looking for www.hotmale.com

    --
    Can I get an eye poke?
    Dog House Forum
  16. WARNING, DON'T CLICK! by Anonymous Coward · · Score: 1, Funny
    That's not random--it's Welsh for "Commander Taco."

    ~~~

  17. Type whatever you want... by Ieshan · · Score: 2, Funny

    Just type in any URL you don't think corresponds to an address, like www.googoogoogle.com. All the contact info will be on the bogus page that pops up.

  18. Scuh a walircdd culod be used for good by lplatypus · · Score: 2, Funny

    Hinavg jsut raed the shoasdlt srtoy eeilnttd Can You Raed Tihs?, I bigen to wnoder if the sirntg mthicang used by DNS is too sitrct. Sulery a pmueertd nmae culod be rtdcireeed to the ceorrct stie? Aslo, one suhold not be aoellwd to reeisgtr a doamin nmae wihch is a smlipe pimaureottn of an esxiintg dimoan name wtih the smae frist and last leettr.

  19. Re:Oh common, the workaround is so obvious... by jaysones · · Score: 2, Funny
    Akin to shooting themselves in the foot with a 45 caliber pistol; it's going to anger a lot of people in the IT industry.
    I don't think a lot of IT people would be very upset if they shot themselves after this! :D
  20. Re:Mail trap by xdroop · · Score: 3, Funny
    Quick, saturate web pages with hundreds or thousands of nonsensical email addresses -- we can dilute spammer's lists, _and_ flood verisign.

    Everybody wins!

    --
    you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
  21. Oh great! by jeeryg_flashaccess · · Score: 2, Funny

    Tihs is all thanks to sldhsaot's sroty elirear today! Hree's a lnik jsut inacse

    http://science.slashdot.org/article.pl?sid=03/09 /1 5/2227256&mode=thread&tid=133&tid=134&tid= 186

    --
    Life is like pants... fit in or you don't fit in.
  22. Drastic times call for drastic measures. by pr0ntab · · Score: 2, Funny

    Let's define reserved bit 3 in RCODE to be the "evil bit".

    So if a patched named resolves a domain to an IP node on a DNS-tomfoolery blacklist, it returns 11 instead of 3, ie. FUCK_VERISIGN instead of NXDOMAIN.

    libresolv on Solaris, glibc, etc. should be modified accordingly. Perhaps an environment variable determines the behavior: default is to map non-existant, of course.

    --
    Fuck Beta. Fuck Dice
  23. Re:wonder of wonders by morganjharvey · · Score: 5, Funny

    No, the real fun is that if you misspell verisign like this:
    http://www.veirsign.com
    Looks like someone beat them at their own game. :)

  24. Re:Complain to Verisign as well by PD · · Score: 2, Funny

    Very good, I just sent them this mail:

    From: Patrick Draper <slashdot@pdrap.org>
    To: authenticode-support@verisign.com, annel-partners@verisign.com, clientpki@verisign.com, consultingsolutions@verisign.com, dbms-support@verisign.com, dnssales@verisign.com, enterprise-pkisupport@verisign.com, enterprise-sslsupport@verisign.com, info@verisign-grs.com, internetsales@verisign.com, IR@verisign.com, jobs@verisign.com, mss@verisign.com, objectsigning-support@verisign.com,
    paymentsales@verisign.com, practices@verisign.com,
    premiersupport@networksolutions.com, press@verisign.com,
    privacy@networksolutions.com, renewal@verisign.com,
    support@verisign.com, verisales@verisign.com,
    vps-support@verisign.com, vts-csrgroup@verisign.com,
    vts-mktginfo@verisign.com, webhelp@verisign.com,
    websitesales@verisign.com, websitesupport@verisign.com,
    billing@verisign.com
    Subject: Fix the Internet, you broket it!
    X-SpamProbe: GOOD 0.0000000 3f0bd9f2ffff366c6e9e732ad3227480

    Stop your silly games with the wildcard A records.

    Love,

    Patrick

    --
    Patrick Draper | Don't |sig4433@pdrap.org
    Austin, Texas | Fear |Father Order runs at a
    http://www.pdrap.org | The |good pace, but old Mother
    Be Microsoft Free - Use Linux |Penguin |Chaos is winning the race.

    --
    If tits were wings it'd be flying around.
  25. Here you go by Anonymous Coward · · Score: 2, Funny

    #!/usr/bin/python
    import socket
    x = 0
    while True:
    try:
    x += 1
    dns = "www." + "verisignsucks" + str(x) + ".com"
    s = socket.gethostbyname(dns)
    print dns, "resolved to", s
    except: print "resolving", dns, "failed"

  26. What's next? by drx · · Score: 5, Funny

    If you look for a file that doesn't exist on your hard drive, you will get ads for MS Office, telling you that you can create your own files with that!

  27. Shocked... by Anonymous Coward · · Score: 1, Funny

    "I was shocked to discover that ome company actually tries to sell products on a website called 'www.fuck-children.com'"

    Who are these verisign paedophiles anyway?

  28. I feel a bit like Aurther Dent by Ex+Machina · · Score: 2, Funny

    The plans have been on file for how long??? eeesh

  29. Re:Complain to Verisign as well by tulare · · Score: 2, Funny

    Heh, the spambots are going to have a field day with your post. Good man.

    --
    political_news.c: warning: comparison is always true due to limited range of data type
  30. verisign-sucks.net reaches them fine by billstewart · · Score: 2, Funny

    I tried some obvious alternate spellings for Versign's domain name, such as verisign-sucks.net, and they do reach that page. Verisign-sucks.com doesn't get there, but that's because somebody's already registered it....

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  31. Re:wonder of wonders by cerberusss · · Score: 2, Funny

    You bastard. You forgot to mention to put quotes around it. I looked up that sentence at a client and now they want my balls because the first zillion results returned pr0n sites.

    --
    8 of 13 people found this answer helpful. Did you?
  32. Re:Which domains? by Anonymous Coward · · Score: 1, Funny

    You expected Verisign to fuck up the Internet correctly?

  33. M$ by Anonymous Coward · · Score: 1, Funny

    1. (optional) M$ buys Verisign secretly.
    2. Verisign gets *.com & *.net.
    3. sitefinder.verisign.com gets more hits than google.com.
    4. Verisign switches to latest & greatest M$N technology.
    5. Google is dead.

  34. all your .com are belong to us by Anonymous Coward · · Score: 1, Funny

    all your .com are belong to us

  35. Fun Stuff by Speljamr · · Score: 1, Funny

    Try this link: http://sitefinder.verisign.com/lpc?url='%3E%3Cfont %20size=+5%20color=%23FF0000%3EVERISIGNSUCKS%3C/fo nt%3E

  36. Put this in your crontab: by pen · · Score: 2, Funny

    0 * * * * lynx -dump http://www.verisignisevil.com/ > /dev/null