Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verisign Typosquatter Explorer

Posted by ryuzaki0 on from the something-to-think-about dept.

jelyon quotes Seth Finkelstein's website "I have written a program " Verisign Typosquatter Explorer" in order to examine [the Verisign] suggestions [for mistyped domains]. Future data may be analyzed as interest permits. Note tests with some domains seem to return results which are not constant, i.e. differences when the program is run repeatedly. This is not a program bug. Reloading the Verisign page also changes which squat-suggested domains are displayed. I don't believe it's an advertising rotation, but the behavior is similar to that practice."

23 of 367 comments (clear)

  1. petition by Anonymous Coward · · Score: 5, Informative

    Don't forget to sign the petition on Verisign's abuse of the DNS system.

    1. Re:petition by ChaosDiscord · · Score: 4, Informative
      I would like to see just one online petition that has carried any weight. It's the height of "slacktivism".
      Here you go. Apparently MoveOn.org's online petition was considered significant enough to warrant a press conference with two senators featuring boxes of printed out petitions.

      HTH. HAND.

      (All that said, I do agree that most online petitions are nearly worthless and don't carry anywhere near the weight of individually addressed messages. If you really care, take the time to express your position in your own words and send it as a letter (send an email in addition, if you like)).

      --
      Search 2010 Gen Con events
    2. Re:petition by delta407 · · Score: 5, Informative

      If you really want to make sure Verisign hears you, try some of my suggestions from other posts, duplicated below.

      A list of contact information is here. The Verisign main number is 1-877-438-8776, which gives you a long list of options. Depending on what you pick, you'll probably end up talking to a Network Solutions guy. Tell him you're distressed about the SiteFinder service, ask about what your options are, and ask if there's anyone else to talk to. They probably won't be much help, but write down everything they tell you, get their employee ID, and keep track of date/time for calls as well as time on hold (might be helpful).

      After some lengthy conversation, I found out that I should be talking to the Verisign Global Registry, but that they can't give me a phone number, because (supposedly) NSI doesn't even have a phone number. However, I did get an e-mail address -- sitefinder@verisign-grs.com, which is routed to someone's inbox (as in, a person, not a support center), which currently yields an "Out-of-office reply" that gives out a cell phone number (!). I don't think I'm going to call it, but at least I have more contact information on file now and an e-mail that will get read.

      Additionally, you might want to try calling the office of Russel Lewis, who's the VP of the Verisign directory services. He's at the Virginia office (1-703-742-0400), but I got disconnected instead of transferred and haven't called a second time (yet). If you try this number, you'll probably get a secretary, to whom you should explain that the standard procedures for communicating with Verisign have failed, that you are "very disappointed" and that you "want to make things right". (It works better if you're actually a Verisign customer.) If you're nice about it -- knowing that the secretary probably doesn't know anything about it and can't do anything anyway -- you can probably get routed to someone in the directory services division, where you can register further complaints.

      [...]

      I have been unable to raise the Chicago local office by phone, and when I went to visit, the visitor center couldn't even get a hold of them. Weird.

      I called their headquarters in CA a few times now. I was hung up on, randomly transferred to someone's voice mail (I'm not sure who), and finally talked to a particularly helpful representative who passed my queries to his manager. They said that SiteFinder was run by NSI, to which I responded that NSI said that SiteFinder was run by Verisign, to which I added that Verisign (as a global registry) is the only organization with the power to do something like that. He went to talk to his manager, told me that they were promised more information on SiteFinder by the end of today (9/17), and promised me a call-back in 24 hours.

      Updates to follow.

    3. Re:petition by the_mad_poster · · Score: 2, Informative

      I e-mailed sitefinder@verisign-grs.com.

      It looks like they've caught on and the e-mails are being routed to Customer Service. I got this auto-response:

      Thank you for contacting VeriSign Customer Service. We have received your email and a member of our Customer Service team will be responding to you shortly.

      Best Regards,

      Customer Service
      VeriSign, Inc.
      www.verisign.com

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  2. In case it gets slashdotted... by skank · · Score: 5, Informative
    Verisign Typosquatter Explorer
    by Seth Finkelstein
    Introduction

    On Monday September 15 2003, a change to .com/.net behavior was announced. In sum, every mistyped domain name, one that had not been registered, would be redirected to a new site controlled by the company which runs a major part of the domain name system, Verisign.

    When a URL has a misspelled domain name, Verisign's changes have the effect of redirecting every single HTTP page request (technically, HTTP response code 302). There is a redirection header and page which displays:

    The document has moved here.



    So, for example, the URL

    http://verisign-is-to.net/more/evil/than/satan/h im self.html

    Gets redirected to:

    http://sitefinder.verisign.com/lpc?url=verisign- is -to.net/more/evil/than/satan/himself.html&host=ver isign-is-to.net

    This site suggests corrections to the typo. I have written a program " Verisign Typosquatter Explorer" in order to examine these suggestions. Future data may be analyzed as interest permits.

    Note tests with some domains seem to return results which are not constant, i.e. differences when the program is run repeatedly. This is not a program bug. Reloading the Verisign page also changes which squat-suggested domains are displayed. I don't believe it's an advertising rotation, but the behavior is similar to that practice.
    Support

    This project was not supported by anyone. If anyone is providing financial support for such projects, the author would dearly like to know.

    Version 1.2 September 17 2003

    See also: Domain Investigations
    Mail comments to: Seth Finkelstein

    For future information: subscribe to Seth Finkelstein's Infothought list or read the Infothought blog

    See more of Seth Finkelstein 's Anticensorware Investigations

  3. Mirror by imadcow1 · · Score: 4, Informative

    Here is a mirror of the site in case it goes down: http://www.madcowworld.com/sethf.com/domains/veris quat/

  4. 20 lines of perl code makes a Slashdot story? by Xerithane · · Score: 3, Informative

    What is news worthy about this? This doesn't provide any statistics by itself. There is no wrapper scripts to actually match anything. All this does is parse the response page to display suggested hits. It's not even written that well.

    It prints the suggested URLs out and then what? This isn't an explorer, it's a shitty data dump.

    Besides, I thought Michael hated Seth. How did this story get posted?

    --
    Dacels Jewelers can't be trusted.
  5. On-line petitions don't work by Eric+Ass+Raymond · · Score: 4, Informative
    Indeed.

    Petitions are pathetic per se, but e-mail/web petitions carry absolutely no weight at all.

    I've worked for professional politicians. The web/e-mail opinion is irrelevant. If you want to be counted (not heard, mind you) send a letter or a fax.

    --
    BOO! TERRO
  6. Re:Canada by XJEEP.org · · Score: 2, Informative

    404 errors are generated by webservers. your browser would return a this page could not be found/resolved page before this was changed.

  7. Re:no response by flipster23 · · Score: 1, Informative

    I have not been able to load that page on purpose either. It comes back as 64.94.110.11 for bogus names when I use dig, but Konqueror doesn't load a page. It says timeout on port 80. I've tried chaning browser ID tags to IE 5.5 for that IP, plus for the domain name it should give back. A friend of mine got it to load on Windows XP, but perhaps it has something to do with what OS you are using, even if you change browser tags?

  8. Re:what am i missing here?? by Meowing · · Score: 2, Informative

    It seems to work maybe 1 in 5 times. They pretty clearly did some serious underestimation of the server resources they's need to pull off this kind of thing, so now they are effectively DOS'ing Web clients by holding them up while their server chikes.

  9. Re:Canada by Cecil · · Score: 2, Informative

    Incorrect. Domain change propagation still takes up to 48 hours, even when it's Verisign doing it.

    This change is on the root servers. They serve the .com/net/org subdomains, period. Whether you're in Canada or Antarctica, it doesn't matter. Some ISPs will have the new wildcard record, some will not. Give it a day or two, and everyone's caches will have expired and will have the latest info. Then you'll get to see it.

    --
    Random and weird software I've written.
  10. Re:Fix how? by Anonymous Coward · · Score: 1, Informative

    They are releasing a patch in response to fix this slashdot.org

  11. Send Email to the CEO of ICANN by Nintendork · · Score: 2, Informative
    Paul Twomey

    -Lucas

  12. Email the CEO of Verisign! by Nintendork · · Score: 2, Informative
    Here's the email address of the bastard himself, Stratton Sclavos

    -Lucas

  13. Re:How to make their marketing fools notice by Xerithane · · Score: 2, Informative

    Marketing fools don't read web server logs.

    You have never actually worked at a company have you? You do realize that people make millions of dollars a year writing web server log analyzers and correlators for marketing research. Don't take my word for it though.

    Single quotes are your friend. Anyone who types \& is a dumbass.

    Really, how do you propose to pass a reference to a subroutine? Oh, you mean in shell syntax? Why do single quotes when you can just escape. Escaping is a pretty handy thing.

    You're a dumbass.

    You need some help, mate. Seriously. Get a cat or something.

    --
    Dacels Jewelers can't be trusted.
  14. ICANN, IAB, IETF official response by MobyDisk · · Score: 4, Informative

    Official response is here

    Essentially, they state that this change violates the RFC for DNS for several reasons. They are creating an IETF working group to recommended practices for implementing DNS, above and beyond what the RFC requires. Unfortunately, there is no mention of any action, or even censure.

  15. Sitefinder link for the firewalled by missing000 · · Score: 2, Informative

    Here

  16. Re:Why is this bad? by wasabii · · Score: 2, Informative

    Spam filters could filter out "forged" email by verifying if the from address' domain actually resolved. Every address now resolves. Programs which check weither or not a web address is "up and working" can now be fooled into thinking it is up when it is not. There are hundreds of similar programs or software running in organizations that expect clear and consistant error information.

    This bypasses my choice of search engine withing my browser for non existant domains (currently google).

  17. Re:how to stop it now until BIND is fixed by node159 · · Score: 2, Informative

    Dude, that don't fix the apps, which is the main problem that the dumb cunts at VerShit didn't think about. Now all my programs can't figure out that the entered address is not at ip 216.168.224.63 or 64.94.110.11. So instead it tries those Ip's and has to time out. Hopefully their servers are getting flooded the fuck out but I guess one really needs to write a proper app to cause any serious damage that may get them to change their minds.

    --
    GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
  18. Re:Wrote email to VeriSign by bradipo · · Score: 2, Informative

    Transfer it regardless of what they do, you will feel much better afterwards. I have already transitioned over 30 domains from Verisign/Netsol to Dotster and will continue to register any new domains there as well. Much better service there and much more clueful.

  19. Re:None - they are not forging MX records by AndrewRUK · · Score: 2, Informative

    Except that, if a domain name has no MX, the A record is used instead.
    Quoteth chapter & verse (RFC 2821, section 5):
    "If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host."
    So, any mail to a non-existant domain will be (attempted to) be delivered to 64.94.110.10, which helpfully has "Snubby Mail Rejector Daemon" running on port 25.

  20. BIND patch by Dasigner · · Score: 2, Informative

    Check it out...

    BIND delegation-only patch:

    In response to high demand from our users, ISC is releasing a patch for BIND to support the declaration of "delegation-only" zones ... This can be used to filter out "wildcard" or "synthesized" data from NAT boxes or from authoritative name servers whose undelegated (in-zone) data is of no interest.