Slashdot Mirror
VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
From the letter to ICANN:
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.
Well, I think that the world would have appreciated the same level of consideration before the system was ever even implemented in the first place.
Unilateral Military Action.
Mod this scapegoat first post to avoid all of the stupid first posts to follow.
Die Pooper!
In case you are not a doubleplusgood duckspeaker, here is a helpful translation of Verisign's letter to ICANN.
.com and .net zones.
Dear Paul:
Translation: Dear meddlesome twit:
This will respond to the ICANN Advisory concerning VeriSign's Deployment of DNS Wildcard Service dated 19 September 2003.
We're about to tell you where you can stick your "advisory".
In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the
Verisign has no problem being just as sleazy and underhanded as any of our competitors.
This was done after many months of testing and analysis and in compliance with all applicable technical standards.
Marketing sees dollar signs, and legal says we can get away with it.
All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder.
None of the lusers who installed "The Internet" on their computers has a clue that we've even done anything.
These results are consistent with the findings from the extensive research we performed.
They are, however, clicking the pretty buttons, just like we hoped they would.
We are, of course, very interested in any objective technical information ICANN may have received concerning the service and would welcome the opportunity to work with you to review such data. To that end, we have reached out to schedule meetings... of leading experts in the field.
Let's have a meeting. Then another. Then another. Then, we'll codify the new de facto "standard".
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.
We're going to get our way, because we can, and there's nothing you can do about it. Weenie.
After completing an assessment of any operational impact of our wildcard implementation, we will take any appropriate steps necessary.
And if we don't get our way, we'll pay off anyone we need to.
I look forward to continuing to work with you on this issue.
Kiss our ass.
Best Regards,
See you in Hell,
Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Something that seems to be mildly overlooked here, in my opinion, is that this has the power to give VeriSign "ownership" of the web in many users' minds.
If my mom tries to go to http://www.gooodhousekeeping.com and gets a VeriSign message and a search box, well it doesn't take much of that before she starts thinking that VeriSign == The WWW, because VeriSign is who always tells her what she typed wrong and where she should be going.
What this comes down to is a company trying to "brand" the web. In many ways, Google has been successful at this, but they have actually played fair and achieved what they have on the basis of merit. VeriSign is ABUSING their power to brand the web as their own.
It should be patently obvious by now that VeriSign's modus operandi is one of deceit and trickery. Evidence the fake "renewal" cards they have sent out in the past to "slam" DNS registrants much like the shady phone companies have tried to do with your long-distance.
Damn, it's ridiculous that people even try to get away with this sort of crap these days...will someone with the power to please stop this?
21 September 2003
.com and .net zones. This was done after many months of testing and analysis and in compliance with all applicable technical standards. All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder. These results are consistent with the findings from the extensive research we performed.
VIA E-MAIL &
VIA FASILMILE (310) 823-8649
Paul Twomey
President and CEO
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601
Re: ICANN Advisory Concerning VeriSign's Deployment of DNS Wildcard Service dated 19 September 2003
Dear Paul:
This will respond to the ICANN Advisory concerning VeriSign's Deployment of DNS Wildcard Service dated 19 September 2003. In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the
We are, of course, very interested in any objective technical information ICANN may have received concerning the service and would welcome the opportunity to work with you to review such data. To that end, we have reached out to schedule meetings with ICANN's Chairman, Vint Cerf, and the Chairman of ICANN's Security and Stability Advisory Committee, Steve Crocker, to exchange information regarding issues that may be encountered in the community. We have also formed an independent technical review panel to gather and analyze data for the purpose of assessing any operational impact of our wildcard implementation. The technical review panel will consist of leading experts in the field.
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data. After completing an assessment of any operational impact of our wildcard implementation, we will take any appropriate steps necessary.
I look forward to continuing to work with you on this issue.
Best Regards,
Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
The bottom line is that Verisign's DNS behavior screws up lots of other systems. If I go to a domain registration site, and ask it "is this domain registered?", it will go see if there is an IP for that domain. Verisign's behavior screws this up, because now all .com and .net domains will return an IP address.
And it's being very disrespectful to the computer industry. Verisign is no better than Microsoft here; they are snubbing their noses at what they agreed on. They need more than just a slap on the wrist. They need to learn that they DO NOT have the right to do whatever they decided. Microsoft does it, but it doesn't mean that they can do it.
The same "independent" panel of industry leading experts recommends SCO's Linux license and conducted a study showing that Windows is indeed cheaper than Linux and BSD.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
Why not visit sitefinder and DDOS...erm i mean Slashdot... it instead... Sure would be one way to solve the problem...
I think it's time for ICANN to look for someone else to run the NET and COM TLDs. Not only are they unwilling to suspend SiteFinder after an enormous public outcry and a direct request from ICANN, but they didn't even bother telling anyone they were going to do this in the first place ahead of time. This is absolutely terrible, and I hope ICANN finds someone else to manage these TLDs
I mean, do most of slahsdot.org users make any mistakes when searching for googel.com, amzaon.com and freeebsd.org? I don't think mis-spelled domains are that much of a problem.
"In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the .com and .net zones."
What "other registries" do this? I haven't heard a thing about it, even on Slashdot.
One would think this would have been noticed here...
We'll know if these "negotiations" fall apart if "www.icannwatch.org" suddenly displays SiteFinder.
I watched C-beams glitter in the dark near the Tannhauser gate.
Dear Paul:
Fuck off and die.
(gracious sign off),
Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
VIA E-MAIL &
VIA FASILMILE (310) 823-8649
Fasilmile? Is this some new form of communication that I've never been told about?
Okay, so I can see and understand the effect wildcarding had on the domains, and why it's bad thing.
.net and .com domains? If not, who can?
I'm also familar with the basic structure of the DNS network. However, I'm not familar with the regulatory system.
Can someone explain who regulates who gets to control what domains? Can ICANN revoke Verisign's control of the
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
http://sitefinder.verisign.com/lpc?url=[typoed-url -here]
But it should not be mandatory.
of SiteFinder is the fact that non-English speakers no longer receive an error message in their own language, but are confounded with some bizarre English language site which certainly wasn't where they were trying to get to.
Well well well. I've gone from having no sympathy for VeriSign to having less than no sympathy for VeriSign. Let the war begin.
Obviously this project has a significant return - otherwise they would not have invested some amount of time and energy into its implementation, knowing the backlash that was to be expected. That said, you really thought they'd give it up without a fight, especially considering the damage they've already done to their brand? Oh the arrogance.
...that enough of a ruckus will be kicked up over this that someone will have the following bright idea:
.net, .com., and .org. Everyone's screwed. So much for the free, cooperative, works-of-our-own-free-will Internet. Thanks, Verisign.
Let's make this illegal!
Voila. Government steps in to take over
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
AFAIK they have allways delivered a decent service at decent price to their customers. Compared to normal bussiness practise they are just very ethical in their behavior. As a long time customer I must say that they are nice to deal with compared to many of those unethical companies that you find on the internet that just want to scam you.
What is it with their offer to route misspelled domain names that you hate so much?
Give them some credit; they are only trying to make a buck and survive as a company.
Proud patriot and republican voter.
I just null routed their ENTIRE array of IP addresses in my router. Now I can't even get to their site and accidentally buy a domain there. I also moved any domains I had with them to GoDaddy. if everyone else tells everyone they know to use another registrar or use another SSL key company they will see a loss :-)
If ISP's null route them your defense is.. Well, you changed the rules why cant I?
Just imagine a DDOS worm that generates RANDOM strings that end in .com and launches parallel Denial of service (even http connection requests)
;)
to whatever Ip address comes back.
Just imagine a Code-Red style worm that lingers for years after on clueless admin's machines whose spreading mechanism is by random domain name instead of random IP addresses.
Sure, it'd take a lot longer for it to spread, but the cumulative effect would be to take whatever server is addressed by the wildcard address out of commission!
(Not that I'm advocating creation of a worm, but can you imagine the outcome of this kind of thing?)
Here is something interesting: Check out the Terms of Service:
http://sitefinder.verisign.com/terms.jsp
Is there anyway I can turn this service off? I disagree with the terms.
Ted
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
Dear Paul
After the extensive research of how IE directs bad names to MSN Search, we decided that we couldn't let the bastards at MS be only ones that makes money off of poor saps who can't type their URLs right.
We really don't give a rat's ass about what ICANN thinks but just to shut your whiney mouth off, I hires a review panel of leading experts in the field. They include Linux code reviewers from SCO, the guy who thought of domain parking for Register.COM, and the guy who invented One-Click shopping.
As to your call for us to suspend the service, I'd like to politely say "go fuck yourself" with the upmost respect ICANN's Chairman, Vint Cerf, and ICANN's Security and Stability Advisory Committee, Steve Crocker. Crocker, now that's a funny name, just like ICANN.
If you send any more letters, I will personally wipe my ass with it.
Go to hell,
Russell Lewis
Executive Vice President, General Manager
All Your Typos Are Belong To Us, Inc.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
Take a look at this:
If I go to a domain registration site, and ask it "is this domain registered?", it will go see if there is an IP for that domain.
[Ed. Note: No it doesn't]
You moderators are fucking stupid.
With this response to everyone's genuine doubts and misgivings about their recent practices, I think Verisign has ultimately, definitely made it clear to everyone that they are unworthy of administering .com&.net. They have totally and utterly disqualified themselves.
One would have at least expected them to see what they did wrong and concede that Sitefinder was a stupid move.
Now that they are "setting up an independent committee" to contemplate this, I think everyone readily understands they lost touch with reality.
Enough already. Out with Verisign.
Either we all decide ICANN has no teeth because they've been ignored by these larrikins, or we rally behind them... I wonder which it'll be?
I'm not supposed to get jigs in it!
Memo - For Immediate Distribution
From: VeriSign
To: ICANN
RE: Sitefinder
Pound sand, dickheads.
See, two days ago this was a technical issue that only a handful of nerds cared about. Two months from now it's going to be "Verisign, the organization granted a monopoly on control of the entire Internet and insists on defyingthe rest of the Internet community." People who never even heard of DNS will come away from this thinking that Verisign means shady.
Save us all the time and dozens of inevitable Slashdot stories (+ dupes) and dump the thing.
WAR!
Lauch the blacklists!!!
Verisign just lost it's monopoly over DNS with this stunt methinks. They pised off ICANN, EFF, Slashdot, 99% of the tech industry, and instead of putting their foot in to test the water and going "oh, the shark that just bit my foot off might be a problem" they say "eh, it's just a foot". Everyone is justifyable angry about this.
So, they took of their glove, slapped a couple million people in the face, threw the glove to the ground and drew their sword, to have a mideval analogy.
I say we blacklist their entire domain of advertising websites. A form of blackmail and protest; if nobody can get to their website to register, then they can't very well do buisness effectivly now can they? Sure, people'll get angry about how they can't reregister. The whole point is to show verisign what happens when you piss us off. Lets make a mess so big out of this that they'll never recover!
Candy-Coated Knowledge
It appears that Network Solutions may have learned to tuck tail and run whenever anyone comes asking what the hell their parent company is doing.
..."
When they responded to me last week, they told me that Verisign was "well within the guidelines" that Verisign set up in the document they created for their own "service."
Now I only get form responses from NetSol drones: "It seems you are having trouble with the SiteFinder service. Please read the SiteFinder FAQ at:
If not, what better target for a lawsuit!
All these changes to the good ol' Internet. Back in my day there was one registrar, and we liked it. And none of this "broadband" hooey. We had real modems that made squeely noises, and it was good enough then, its good enough now.
Damn kids these days...
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
This is truly remarkable.
I guess the providers all over the world scrambling to disable this crap are not Internet "users." And the tens(hundreds?)-of-thousands of dollars in labor spent to implement the work-arounds need to be tallied up before they might admit to a negative impact.
What an arrogant bastard.
Hey, if you feel strongly about this issue, you can reach them directly. Just call 703 925 6999. That's the direct line for VeriSign Naming and Directory Services. I tried to get Rusty on the line, but they're on the East coast and he had already left the office.
I just spoke with a nice secretary lady whom told me that she was 'sad to hear' that I, "an investor", was going to sell my "2000 shares" of Verisign first thing in the morning due to their horrible wildcard DNS policies.
When I asked why they are doing this, she told me it was a "marketing decision" and that "somebody in the marketing department" thought it up.
She said that I was the first person she had heard complain about it, though she had read somewhere that it was "controversial".
If anybody has any success getting through to these people, post any interesting tidbits you find out. Thanks.
# wrote sig.txt, 23 lines, 31337 chars
Original Source
I think it's interesting how ICANN is coming at this situation. I think you have to realize how much money VeriSign makes ICANN. I'd dare to say that over 70% of all of ICANNs revenue is generated from VeriSign.
So It's sort of the same situation that we are in with Middle Eastern Oil. We're trying to tell them, 'Hey, make it cheaper and give us more' but we cant strong arm them. 'cause if they up and leave we're left high and dry.
If VeriSign were to be revoked their registrar status, ICANN would stand to lose millions.
yet they don't even trust themselves. The seal at the Verisign owned THAWTE site currently says:
Invalid Certificate
2003-09-23
and when you click on it:
This page (thawte.com/html/ISP/index.html) is not permitted to display the Thawte Site Seal.
Irrelevant, but amusing nonetheless.
If you havent allready signed it, there's a petition at http://www.whois.sc/verisign-dns/ to encourage Verisign to rack-off.
Dear verisign,
The recent update to BIND contains a feature you should be aware of.
In 1 month, every lookup for any domain registered directly with verisign will fail with %0.1 probability.
The probability will increase by %0.1 per day until the wildcard issue is resolved or until verisign becomes useless as a registrar.
We look forward to a prompt and amicable resolution.
Best wishes,
The Internet.
"dot cc" and "dot cx" & maybe others...
I'm wondering how much bandwidth and capacity they have to handle the malformed or mistaken URL's. Seems like an DOS exploitation of this service could happen fairly easily.
In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the .com and .net zones.
.com and .net zones, but in actuality what they are saying is "Other registries have deployed wildcards, and we are doing the same, but in the .com and .net domains".
You need to know what's going on to understand this bit. What they want people to think is that other registries are also deploying wildcards in the
However, most people who are unhappy with VeriSlime will easily see through this piece of doublespeak.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
if Verisign's contract is revoked ICANN wil just choose another registar and will still make their moeny..
Don't Tread on OpenSource
Ok first it's the domain name disputes (sex.com for example), then it's the phony registration scheme, then it's this sitefinder service, somebody really needs to give the CEO an a$$ whoopin. Who volunteers?
The feds? I say they're interfering with other business and are lawsuit material (IANAL).
Does ICANN truly have any power to strip them of their registry privileges (I'd hope so).
Or maybe just Darwin will take hold for the fact that they've pissed off the entire tech world to the point where nobody will give them money, and having none they die and let the stronger brains survive.
...in bed
An (ignorant, and there are plenty) user trying to see if a domain resolves or not via a http query will never get an unresolving domain with sitefinder in place.
Meaning they may not plunk down the $$$ for said unresolving domain -- period, because they think it's taken. This could cost verisign quite a bit in unrealized loss of sales.
Verisign pays their own going annual rate for any mistyped domain they return a hit for. It's only fair if they charge us for the same service. The money should then be applied as a credit to anyone with a Verisign-hosted .com domain. =)
-Rhomboid
Or can we poison their database? If the SiteFinder page brings up links to pages of 'similar' nature that have been paid for, then can we put in a million requests for sitefindersucksdonkeys.com and make their db useless, just like the spam tarpits?
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
I am a Mac OS X user and recently read an interesting hint on the Mac OS X Hints website.
It appears that simply blocking sitefinder.versign.com leads to a rather unpleasant 'timeout' error in a browser: a long wait prior to a timeout is hardly better than an instant appearance of VeriSign's SiteFinder service.
However, one of the users, in the comments on the hint, noted that "[w]hen you type an incorrect URL, the Verisign DNS server actually returns an IP address, which is that of sitefinder-idn.verisign.com."
He continues, "Blocking the sitefinder-idn.verisign.com server in the manner recommended in this hint would save a fraction of a second but the main problem with this hint is that it suggests blocking the response when a far more efficient method would be to block the outgoing request. The system tells the browser that permission is denied for this request and the browser passes that information along immediately. Thus, the rule I use is:
sudo ipfw add 1170 deny tcp from any to 64.94.110.11 setup
I have been using this rule without any noticeable problems. Perhaps it might be of use to others?
Hey, can anyone tell me what i'd use to search for BitTorrent files? is there a webpage or something?
Facsimile
Dear Verisign,
I have heard that you guys are running a very useful website where I can get information about how to find other web sites (called sitefinder or something like that). Would you be so kind as to provide for me the URL for this website?
Best, a user
some folks with control of their own name servers just added their own replacement entries, say pointing verisign.com to some random IP? While it might not have as broad an effect, sufficient implementation could still cause some aggravation. Any thoughts on the legalities of this? Their being at the top does not exclude other players from the game of IP hijack.
Worse, it also means that Verisign gets a log entry of every queried domain so they can register it before you or one of their competitors can.
Verislime seems to have opted with joining the group of corps with nothing but SCOrn for the community they claim to service and support.
I do not fail; I succeed at finding out what does not work.
Because apparently www.fuckverisignuptheass.com leads to their wonderful service.
~ a low user id is no indication I have a clue what I'm talking about.
i don't think i've ever read such a moronic response to such an insightful observation
If one looks at the newsgroups as historically how something like this works, the .museum TLD is a highly restrictive, highly controlled domain. It's entire purpose is for respected institutions to be listed. So, them having a master index and a reply indicating an invalid domain makes sense, since the entire domain listing easily scrolls through a few screens only. It would be the equivalent of a comp or sci newsgroup; highly structured groups with moderation and content rules.
.com is the tld equivalent of alt., where anyone can create and post anything, without moderation, without structure. Attempting to impose structure, in the form of sitefinder, is stupid in this instance, since the organizations represented in .com are usually for-profit or attempting to jockey for position. If I have a business, do I now have to register every possible combination of my domain to keep idiots from being redirected to a customer of mine because they paid verisign to add them to the referral page for a misspelling of my domain name? I also have to worry about verisign giving precedence to domains registered through them in the recommended sites, and if I have a godaddy.com-registered domain, will I end up being denied business that would normally have realised that they made a typo, to fix it and come to me?
This is the real problem that I have with sitefinder. It being in the hands of a commercial organization who has exhibited a systematic behaviour of putting profit before anything else will only exploit this situation. They will start selling placement on messed up domain entries, they will start denying domains registered through other registrars the same regular placement as their own, and they will destroy what had been a fairly free and open system.
I'd recommend that if Verisign doesn't immediately stop this insanity that we write to our legislators and demand that control of the TLDs that versign manages be removed and handed to ICANN to deal with directly.
Do not look into laser with remaining eye.
I saw the articles, I've checked out the "sitefinder" page, and I don't see the problem? What is the problem? Can someone take the time to explain it to me?
This sounds like a really big non-issue, as far as I can tell.
-Brent
Let me get this straight... They will not voluntarily take down "site finder" and have added some "independent" researchers, who are dependant on their money, to come up with an impartial report which will back up VeriSign. Isn't it a bit preemptive to announce the results of a report BEFORE it has been started?
really just darl mcbride in disguise? or are they both just bill gates?
ever seen all three together in the same room? i thought not!
Nothing - well thats something.
you are wrong
The Television Wiki
Note: the parent post does not contain any factual information. The method by which Registrars verify domain name availability is usually though SRS or WHOIS or whatever proprietary interface the registry defines for registrars. The method described in the parent post is pulled directly from the poster's ass. YHBT.
If I recall correctly, these were going to provide alternative root DNS services as alternative from the abuse that some of the monopoly players were subjecting people to.
Any projects like that still in existance?
Of course you could always et up your own TLD :-)
so this means the internet should just stop using verisign as a root name server! bind should add a feature, ("com" { type delegation-only; }; ) and the dns admins should remove them from their "root hint" (named.ca) file. basicly shun them , until they come back inline (or die off).... it is actually really simple. oooohhhhhh phb's who registered with verisign.... other registrars should offer a special to for verisign domain owners to swith over for a smaller amount. it would be great! mmuuhhhha mmuuhhhha
At least when you open the package, you expect to find some sort of EULA. You don't expect to agree to a damned thing when you make a type in the address bar!
All I see Verislime doing is becoming the latest address hijacker. Maybe if IBM, Microsoft, et. al. get a bunch of staff to punch in mistyped variants on their corp domains they'll have enough to sue Verislime for false advertising and fraud.
I do not fail; I succeed at finding out what does not work.
I'm almost sad to see that the parent is currently modded 0, Flamebait. Someone has to play Devil's Advocate, even if it's to argue a patently ridiculous point.
At the risk of feeding a troll, I'll point out a couple of things:
AFAIK they have allways delivered a decent service at decent price to their customers. Compared to normal bussiness practise they are just very ethical in their behavior. As a long time customer I must say that they are nice to deal with compared to many of those unethical companies that you find on the internet that just want to scam you.
An excellent analogy! Verisign is not as unethical as the companies that sell snake oil and redirect your phone call to Vanuatu. That's like saying I should be happy to just be beaten up in a robbery, 'cause I could have been killed outright. Thanks, I feel much better.
My only dealing with NSI (in the pre-Verisign buyout days) was when they wouldn't transfer my domain to me from the original owner because of an obscure missing piece of paper (full story here). I got around the problem by transferring the domain to Domain Direct (affiliate link) and then to the much cheaper Gandi (no kickback), and I've never looked back.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
BTW: Does anybody know what they're talking about when they claim that other TLDs have implemented something like SiteFinder?
Here: .ac .cc .cx .mp .nu .ph .pw .sh .td .tk .tm .ws .museum. (I posted something similar last time a similar story came up.)
GROGGS: alive and well and living in
ISC has already released a new version of BIND that can be configured to ignore wildcard data from root servers. More info is at http://www.isc.org/products/BIND/delegation-only.h tml.
I, for one, will install it.
Has anyone noticed that they are tracking the clickthroughs of the search results. (Note: google does not do this)
They are building a huge database of behavior. It is tied to your ip address. I wonder what their policy is on releasing that information to the government? (they originally were government chartered)
Hell. I wonder if they were put up to it by the Department of Homeland Securiy.
At the very least, it will prove to be an invaluable, and highly marketable database.
.... soemcompany.com redirects to a pron site ;-)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Someone correct me if I am wrong, but didn't their redirect site have some type of web bug as well as a cookie that doesn't expire for five years?
... why this never works when i'm trying it - ie the redirect ... are they blocking some domains?
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Free domain names weren't much of a problem back when they were available. Why? Because there wasn't really such thing as virtual domain hosting, meaning you had to own a box connected to the net 24/7. THAT, in turn usually meant you had to be a university or government institution, or one of a handful of corporations. "Average Joe" user was on dialup, if he had Internet access at all, and couldn't meet the requirements to register a domain name.
Looks like if I am looking to buy some software
from IBM I get routed to some other site???
www.ibmsoftwaresales.com
This is the correct address right? I am confused...
Looks like a case of blatent trademark infringement to me!
Got Code?
I remeber hearing this a while ago.
"the road to hell is paved with good intentions."
too far? we have arrived!
I am outraged at VeriSign arrogance, and am also shocked that this hasn't at ALL been picked up by the popular media. Wired has barely even touched it.
I realize that is this only the first round, but honestly if ICANN doesn't step it up a notch, I will be petitioning to have them be removed and reinstated with an organization that is actually going to lookout for the internet.
Also I love the way in their TOS, that if you don't like their service don't use it? Like I have a choice..
Pisses me off to no end.
Through my contacts at Verisign, I happen to have a preliminary list of members on that independent panel:
J. Doe, Very Sign Corporation
Sue Smith, VS Technologies Inc
John Smith, Solutions Network, LLC
Stratton Sclavos, (company name withheld by request)
Joe Blo, Ver Isig N, Ltd.
Harvey W. Banger, V/SIGN Inc.
John Jones, Serivign IT Consultants
B. Gates, B&MG Foundation
As you can see, quite a varied bunch of folks, no way it could be slanted in Verisign's favor!
WTF? how is the first post redundant? It's the FIRST post!
Something distinct that people will remember better than my name
however, openNIC is alive and well and kicking much ass. (or http://www.opennic.unrated.net for the unenlightened...)
We didn't find: "Senator SHEENmaster"
There is no Official site at this address.
Would you like to place a bribe in advance, such that it will be paid if this individual ever does come into office?
You can't judge a book by the way it wears its hair.
I typed the following.
A RRIAGE -RETURN
ping www.verisignsucksmonkeyass.net
and got the following:
Pinging www.verisignsucksmonkeyass.net [64.94.110.11] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
What, are you blind?
Let me spell it out for you.
R-E-Q-U-E-S-T-SPACE-T-I-M-E-D-SPACE-O-U-T-C
Let me spell something else out. M-O-R-O-N
This led me to conclude that either Verisign has self-DOS'd their own ad site into oblivion with their wildcards or that my ISP has blocked Verisign's ad site.
The latter implies intellegence and consideration on the part of my ISP (Shaw), so is therefore highly improbable.
So what can I conclude? I really shouldn't modify shell utilities while drunk. I'm probably lucky it didn't tokenize the entered domain and pop up the first 500 google matches. I could be eye-ball deep in monkey ass porn.
I especially liked the part about using DNS to test domain name availability.
And you got +4 Insightful, too! One can always count on the moderators to turn off their brains when they click those buttons !
This is one of the better trolls I've seen in my time.
I noticed that they have a terms of service for the "service." Interesting what we're "agreeing" to by making a typographical error.
For my part, I sent Verisign an email in which I rejected the terms of service, and informed them that I would regard future invitations to use their service (displays of the site) in any way I see fit, including, without limitation, the right to "meta-search" it. While I was at it, I also informed them that I would further regard their display of sitefinder as an agreement to warrant their service free from defects, including, without limitation, fitness for a particular purpose.
Not that it will do anygood, but how can they expect their terms and conditions to be binding on anyone if the "service" is forced on you?
Hit them where it hurts, in the bottom-line. Complaining to everyone may get this fixed, but patching your nameserver and then going after the back-end may also get results.
Somebody's already pointed out verisignsucks.museum, and there are a couple of smaller country domains that have wildcards, but it's important to try web pages like verisignsucks13213.com and email to them to remind them that it's a bad idea. And be sure to leave a pointer to some bogus Verisign domain on your web page so that spammers will waste their time checking it out.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Thanks! openNIC looks awesome
.. that won't happen and VeriSign gets sued into the ground by GoDaddy and other registrars.
what about when the blaster virus dos's the www.windowsupdate.com site?
what is verisign going to do then?
It could be argued that they should've done the same before implementing the 'service'
AC comments get piped to
What.
The.
Fuck.
Please tell me you're really not that stupid.
I mean really, you can't possibly be as much of a dumbass as your post indicates, could you?
It will go see if there is an an IP for that domain????? Jesus Fucking Christ, man. Either you are a damned fine troll or you neglected to point out that you underwent a frontal lobotomy this morning.
I guess all that matters is the mods fell for it. Troll or not, at least you came out on top. Too bad the lobotomy clinic doesn't accept slashdot karma for payment.
What scares me isn't that they broke DNS, or even too much that they're standing up against ICANN. What really scares me is where this will go in the future. What happens when Verisign decides to start deleting "offensive" domains, and decides that pornography is unethical, and deletes all pornographic domain registrations? Or when they see that Slashdot is criticizing them and "accidentally" deletes slashdot.com? (Okay, most people use .org, but you get the idea.)
.com and .net, which for all practical purposes, gives them control over most of the Internet. Is anyone else worried by their completely unchecked power?
My examples are deliberately exaggerated and unlikely to happen, but I think you can see where I'm going -- one company pretty much has complete control over
________________________________________________
suwain_2
It is axiomatic that; money talks; people suck; follow the money; money talks, something walks...
May I suggest that truly altruistic behavior is rare, and darn near non existent when serious piles of gold are involved? Why pretend that anything else is likely to happen and come up with a way to use their standard human greed to make our lives better?
Soon, please.
Why do I have this? I don't smoke.
Looks like the MSN search web site count is going to be way, way , way down this month...
Got Code?
The question now is whether ICANN is going to defend their authority to police the names and numbers practices, or whether they want to become the UN of the Internet world, flailing about impotently or looking the other way while tyrants abuse their powers.
If Verisign does not face serious consequences for their sabotage, then every two-bit sleazoid who can hide behind a big financial warchest and a room full of lawyers will follow Verisign's lead and start demolishing what's left of the Internet.
It's put up or shut up time, folks.
If you check out Verisigns traffic page at Alexa (http://www.alexa.com/data/details/traffic_details ?q=&url=http://www.verisign.com), you can see why they aren't easily giving up their sitefinder project.
Why would you expect anything from VeriSlime? They've always been like this.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
As a network admin for a small ISP I found a simple work around.
/sbin/ifconfig eth0:1 64.94.110.11 netmask 255.255.255.255
/www/nodns
First I set up a webserver.
add to apache
<VirtualHost 64.94.110.11>
DocumentRoot
ServerName A.com
ErrorLog logs/nodnserror.log
CustomLog logs/nodns.log common
</VirtualHost>
Set up a webpage for this server.
on my cisco I set up the following route
ip route 64.94.110.11 255.255.255.255 xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the real ip of my server.
https://www.godaddy.com/gdshop/pressreleases/veris ign_suit.asp?isc=&se=%2B&from%5Fapp=
If the wildcard resulted in a list of all registrars for that TLD so a prospective domain name buyer could do some comparison shopping. Another usefull feature would be a list of links to similarly spelled domains.
Speech: Free
Beer: $699.00
Just imagine a beowolf cluster of those DDOS worms.
Except for that one bogus part,
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
$50 says that they are using page hits from mistyped urls as their "indications"
does something that they think will bring in more money ... I am shocked.
You should be thankful (to god that is, not to them) they're only redirecting UNUSED domains.
Now would somebody please whisper that there is oil in the dns system so he'll get the department of offence^H^H^H^H^H^H^Hdefense involved.
I had a look at that response to ICANN. What the hell is a "FASILMILE"?
Not really. You posted anonymously, I didn't. Nothing against you (since I have no idea who you are, obviously), but I set very little stock by anything posted without a name. I understand that there are reasons to post anonymously, such as to not bring down the wrath of an employer. However, there's still the concept of if you won't even sign your name to what you've said, how much can it be worth? Additionally, a lot of moderators take the tact of never moderating AC posts up. And you also started your post with a personal insult, which a lot of people automatically view as flamebait.
Either way, the important thing is that someone got modded up to point out how wrong that guy was. And that he got modded down.
-Todd
"The details of my life are quite inconsequential..."
bombverisignexecutiveswithusnavyairplanes.com does not seem to work; I keep trying bombscoexecutiveswithusairforceplanes,net, and this also does not seem to work. Please advise.
If you use email, your email system will give you a message like which is only slightly inaccurate. Your email-to-speech reader should be able to read it to you about as well as it could have read the message you should have gotten.
If you're using a web browser, it's a different story (unless Verisign's web pages are tuned for different browsers, in which case Lynx could be made to work ok.) There's lots of Javascript, mostly at the end, and the phrase about the domain verisignsucks-1342314321.com does not exist is unfortunately buried in the code for a complex table, even though visibly it's rendered near the top of the page. So that depends on your user interface's ability to read you tables and ignore Javascript.
If you're using most other protocols, somewhat incorrect things will happen, because most of them use "A" records, which Verisign will respond to with their IP address, and the service you're looking for probably isn't there. But again, they're the same incorrect things that happen to sighted people, and presentation is an applications programming problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
ISC.org has come out with a couple new versions of BIND (on several platforms) that makes the Verisign thing irrelevant.
.RU or .CX or whatever registrars do.
Essentially, here's how it works;
Rather than simply accepting any response from any root DNS server, the new version of bind only accepts an NS record (that states the authoritative DNS server) rather than an A Record (which maps a hostname or domain to an IP address). So the root servers can only do what they are supposed to do; tell your local DNS servers where to find the authoritative servers. Even if they are configured to do something differently, BIND responds by forwarding an NXDOMAIN back to the querying client. Esentially, if an IP address comes back from the server, the response from the browser then becomes "DNS Error".
This has several advantages:
- it doesnt matter what ICANN does or what Verisign does, responses to DNS queries happen as they should.
- the patch fixes ALL of the TLDs, so it doesnt matter what the
- it can be done on the ISP level. Though I have no proof, I think there are BIG ISPs out there that have done this already (Earthlink has been mentioned).
- no routing, blocking or other stuff that could cause problems in the future is involved
- Joe Grandpa Internet User never needs to know, and doesnt notice anything different when the fix happens
I do not know about MS DNS Server, or other non-BIND DNS servers, but I am sure there will be patches or upgrades from your publisher.
If you run servers, go to ISC.org and read up about the upgrades. If you dont, check your publisher's web site. If you dont run DNS call or email your ISP and ask them to upgrade their BIND at their earliest conveneince.
Though I think it would be better if RFCs were binding, or if they were followed voluntarily... there is more than one way to get the right thing done.
Could we be witnessing the same thing happening to the Internet? Will it slowly evolve into a near useless channel of communication as it becomes more and more corporatized and balkanized? If it does, it won't be long before Internet jockeys start demanding regulation and some kind of government cop to enforce standards and other general agreements for how the Internet should behave.
When will that day come? Who knows. Maybe 5 years, maybe 25. Perhaps it'll happen during the gale force wind of anti-corporate sentiment that's currently brewing in middle America. But the real trick will be to stop the corporations from dominating the regulatory process like they did with radio and television. I hope and pray the ideals the Internet was founded upon survive this process. We'll have to wait and see and petition hard for our respective governments to do the right thing.
<a href="http://www.joblessjimmy.com">Work is dumb and so is Jobless Jimmy.</a>
Create two new top level domains. Call them .alpha and .beta or whatever. Throw verisign out and just move along. They have proven themselves to be both incompetent and mischevious. There are more important things to worry about. Take their power away and get on with life.
...at least on the DNS servers I control. Just redirect lookups on the .verisign.com (and .net and .org) domains to my local DNS servers which strangely enough don't seem to point the inquiries to verisign... Just had to clear it with Management first as a "privacy issue"...
Help save the critically endangered Blue Iguana
As a UK resident, I was dismayed by recent developments in this story.
I have written a letter with a summary of the issue and references to online media sources.
I have sent the letter to several media/newspaper companies.
In addition I have forwarded it to my MP.
My concerns focus on the Terms of Use and my inability to stop using a service. I also pointed out that Verisign, in making their changes have affected all UK internet users and as such this information should be brought to a much wider audience.
Hopefully one or two people who receive my letter will actually consider doing something about it.
Fingers crossed...
that the sitefinder "service" only returns domains by verisign customers? Kind of negates the defense that the sitefinder utility is helping people across the internet find what they really need.
http://mediagoblin.org/
I've read some great points, and one question keeps coming back to me: Instead of ranting here in the forum, why aren't you writing your Reps and Senators? Okay, it doesn't solve the world's problems, but these folks are there to work for us, right? Even my hamfisted and inelegant summary of the VeriSlime doings could make a difference, if some staffer sees patent political gains. Try it - activism!
[just fired this off to VeriSign]
Dear VeriSign,
Assuming for a minute that you had absolutely no idea that SiteFinder would break large portions of the Internet, I'm simply dumbfounded over your renegade attempt to hijack the Domain Name System.
In all seriousness... what were you thinking?
Did you intend to destroy your credibility, or was it merely an unintended side effect or your sheer arrogance?
You've managed to rally the technical Internet community behind ICANN, the one organization which was a bigger laughingstock than you to begin with.
Please, reconsider SiteFinder. The Bubble bust a long time ago.
- a dissatisfied customer
with verislime adding insult to injury, something like opennic is just what we need. even if it was started by those poncy gits over at k5.
It may seem like a lot of effort, but, if everyone who hates this service just sends them a few words saying so, by email, by putting the following list of every address they have into their send line, they wont have an email system at all :) And it might be just a little fun too!
Here they are :) All 1 line, with , inserted, so you can just copy and paste it :)
consultingsolutions@verisign.com, websitesales@verisign.com, verisales@verisign.com, clientpki@verisign.com, internetsales@verisign.com, paymentsales@verisign.com, dnssales@verisign.com, digitalbranding@verisign.com, vts-mktginfo@verisign.com, channel-partners@verisign.com, premiersupport@networksolutions.com, authenticode-support@verisign.com, objectsigning-support@verisign.com, enterprise-sslsupport@verisign.com, vps-support@verisign.com, webhelp@verisign.com, practices@verisign.com, renewal@verisign.com, vts-csrgroup@verisign.com, info@verisign-grs.com
*There's Klingons on the starboard bow, scrape em off Jim!*
I don't know if anyone else has had problems, but I can't get through to real sites now. For instance Barnes & Noble doesn't work. I have found other instances, but this comes to mind first. This seems like a major lawsuit waiting to happen.
You must be new here
Cheers
Vikingbrad
Wow, would that be a first? Slashdot their office phone number. :-)
Could that be considered a Denial of Service attack? On a phone?
hmmm
Stewey
There are 10 kinds of people in the world. Those who understand binary and those who don't.
"http://foo%08x.com/verisignsucks.html" % random()
with no appreciable waits in between, it could not possibly be a denial of service since we'd all be querying different web sites, right?
Not, of course, that anyone would ever do that.
How long before the phone companies start redirecting your misdialed calls to Bell advertisements?
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Why was this modded *up*?
I *would* post logged in and give every detail down to bloodtype, eye color, and penis size, but then, that really has no bearing whatsoever on what I'm saying does it?
Count on it. I am already getting SPAM disguised as text-messages on my Sprint PCS phone. So far every 'ad' has been for phone related services (although not all from Sprint).
You pay for the service from Bell, you get whatever they pipe to you. You agree to their terms when installing / paying for their service.
note: I have an old Motorola without nifty camera and color screen.
Now that I can't tell you. Some moderators are just morons. I mean, granted, it was a decent explanation as to why a moderator might pick one comment over another (at least to me). But it's completely off-topic for this article (as is this post).
-Todd
"The details of my life are quite inconsequential..."
Epiphany: A change ("feature") you make causes the most used DNS server's developers to issue a patch. THIS IS NOT A FEATURE YOU FRIGGIN MORONS, IT'S A BUG. And I say that in the most angry Lewis Black-esque voice I can manage.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
See original source: http://slashdot.org/comments.pl?sid=79303&cid=7011 804
Good to see that verisignsucks.it still does the proper thing.
And doesn't suck it.
Sometimes you have to watch those crafty Italians.
I currently have no clever signature witicism to add here.
Then, some guy comes along and says that the biggest problem is that non-English speakers are going to get a 404 in English. I point this out, he gets moderated as insightful, I get modded as a troll.
The biggest problem is *NOT* an English 404 -- the problem is the fact that VeriSign did this without consulting with *ANYBODY*, so who knows what else they're going to be doing! How about VeriSign ads at the bottom of every page of the entire Internet? How about an obligatory five-second page pre-load ad? How about surcharges for searching time on VeriSign servers when somebody misspells a URL? These are problems. An English 404 is *not* a problem.
Condemnant quod non intellegunt.
took 3 minutes and 20 seconds to timeout.
curl 2342323432423432.org
returned a resolver error in less than two tenths of a second.
curl 2342323432423432.gov
returned a resolver error in less than a tenth of a second.
Will anyone really wait three minutes for a web page?
There seems to be an issue as to whether the Verisign SiteFinder "Service" violates federal law, namely, the Electronic Communications Privacy Act of 1986. I wish I could get links to work, but here are URLs that will give you the text of relevant sections of this law. Type the URLs carefully -- you wouldn't want them to be intercepted by Verisign.
1 8/ parts/i/chapters/119/sections/section_2510.html
1 8/ parts/i/chapters/119/sections/section_2511.html
http://caselaw.lp.findlaw.com/casecode/uscodes/
and
http://caselaw.lp.findlaw.com/casecode/uscodes/
A careful reading of these sections (18 U.S.C. 2510 and 2511) seems to suggest that Verisign's interception of mistyped URLs and emails, which could easily be argued to this casual observer to be both intentional and deliberate, might be a crime punishable by a fine and five years in prison. Sections of this law other than the ones cited above appear to indicate that statutory damages might be available to individuals who have had their communications intercepted.
Someone with enough interest in the matter should contact a lawyer to get a more definitive answer.
After a week of this I figure ICANN, or should I say ICANN'T has done little but to cut a few public letters between them. Perhas some back room talk without any real meat.
Why not send Veri-slime.com a letter stating they will be pulled as TLD if they don't conform. Give then 12 hours or else. Don't mince words for our sake - just spell it out for the dumb asses.
This is the Enron of the Internet, Veri-slime execs are messing with us. I transfered my domain the other day, I figure I have to put up with this at least they don't get as much for my domain renewal.
Quit whining and run your own DNS server. When you are asked, you should willingly pony up the network bandwidth and server load to run a root server.
You'd better get cracking too: there's a lot of RFCs to bone up on before you can achieve the status of the enlightened few who are above the controversy by sheer virtue of pure wisdom.
If all the selfless people made it their livelihood to outproduce the demands of the greedy, would the demand diminish? Greed is foolishness, and a fool is self-defeating. Leave the greedy alone, but show them how to BE happy so that they can see parity from striving for happiness.
You can't sustain a technical solution for a political problem, so leave their forum and create a new one without political problems. Why not just go back to IP addresses? Why not a new distributed database? Signed DNSSEC zones with PGP style peer-reviewed keyrings for certificates? What's the BIG PROBLEM here? The solution is apparent in understanding the problem.
--- Nothing clever here: move along now...
This is very interesting..
See a comment below, that has a reply from Verisign.. According to Verisign, even if you disagree with the terms, you cannot opt out..
Oh, and BTW: what do you think Verisign has planned down the road? Signed zones? Boosted certificate business?
DNS isn't broken enough to create demand for that kind of technology. DNSSEC has been around for a while and really has almost died. Verisign can almost set themselves up as a taxing authority. Will we let them? Probably. What do you think Legislators would do in this situation? Write the monopoly a charter!! Then, they can carve up the authority between a few big whigs to get out from under the monopoly spectre. Create a dazzling telcom-like illusion of competition. It'll be monopoly pricing without the monopoly!
--- Nothing clever here: move along now...
What if Verisign decide to look at their logs and register all the currently unregistered names with above average traffic. They have the ability to do this now if they wanted to right? Even if the "service" was discontinued in a week they could still harvest a lot of data in 10 days, thus giving them an unfair advantedge over their competitors.
Its not the only concern. Since this nonsense started my Yahoo mailbox has been bombarded with spam.
My attempts to do a better job with personalized filters than Yahoo!! have been successful, but every 15 minutes I have to login to clean the trash or my mailbox will appear full.
See original source: http://slashdot.org/comments.pl?sid=79562&cid=7029 444
There must be a way to use this against them. No, not a DOS, but perhaps using the fact that lots of spam uses fake domains and fake .com, .net now all resolve to verisign. Therefore lots of spam originates from verisign and they should be fined.
This is just one tangent to look at. There must be one that will work.
Obvious ethical considerations apart, this "service" is likely to break a whole lot of things, including SMTP.
As far as I can figure, all ISPs have 'fixed' the problem already, so Verisign's caper has come to naught rather quickly.
Oh well, what the hell...
"However, there's still the concept of if you won't even sign your name to what you've said, how much can it be worth?"
:-)
At least 4 mod points to you
it's the same as every other "I-probably-didn't-get-first-oh-wait-FP" posts in all the OTHER articles.
:-)
Asshat.
Fuck Beta. Fuck Dice
they will not voluntarily suspend SiteFinder.
They certainly didn't refuse. The letter simply stated that they felt it was premature to do so. Indeed, they might never acceed, but I was infuriated at Varisign when I read that they said the wouldn't voluntarily suspend, and then angry at the story when I realized this was a dangerous paraphrase.
I, for one, barely even noticed this thing, because I longer actually manually type in addresses. I use google. Even if I know the address, even if I have a bookmark, I still use google with the "I'm feeling lucky" button, because it's just easier.
is that Ophidian P Jones is a troll who just posts other users' high karma posts from previous, related articles.
CAN THE MODS GET A FUCKING CLUE AND MOD THIS INTO THE GROUND?!
Christ almighty.
Fuck Beta. Fuck Dice
Read my recent posts, he's copied me too.
What a cuntlicking faggot.
He makes Verisign look like the model company for the 21st century
Fuck Beta. Fuck Dice
because it only shows up if I have a typo in my URL:
http://www.verisignsucks.com/ -> non existent domain
http://www.verisignssucks.com/ -> sitefinder shows up...
http://www.verisign-sucks.com/ -> non existent domain
http://www.verising-sucks.com/ -> sitefinder shows up...
--
I'm a-huga bimbo.
By email, phone, fax, telegram, or letter (or better, several of these), let them know what you think. These are the people who can give Verisign reasons to change their behavior.
Contact your State Representative and Congress person. Tell them that they made a mistake allowing Verisign be the replacement for Network Solutions. Take the franchise away from Verisign. Cite the abuse of SiteFinder and then bombard your repersentatives until Verisign is no more.
Kill the fuckers.
great idea. been there, done that.
.US domain (unfortunately I registered .COM and .US with them way back when).
.COM domain back when it expires as well. No, we're not "Fedex.com", but even they could drop the .COM and go to .US and witin a month or two would you really notice? I certainly don't assume .COM today...
also mentioned that there was no way in hell they would get the renewal on the mailed from
They could have the
Speak with your $$$ -- it's the only thing they will understand.
I'm surprised noone's mentioned Internet Explorer. Seems like everyone's forgotten that when you mistype an address in IE, you're automatically redirected to MSN's search engine (one of the reasons they can claim high search engine traffic like google). I find that almost as disturbing as Versign's abuse.
It's time that the rest of the world took control of the DNS away from the corrupt outfit that has highjacked it and the Government which allowed that to happen.
Perhaps UNESCO should run the DNS?
That's the United Nations Educational, Scientific, and Cultural Organisation.
Not only are VeriSign abusing their power, they are collecting stats on every browser which mistypes a URL. This makes me soooo mad!!
It gets worse. Apparently VERISIGN owns Illuminet, one of the larger providers of comms services in the US.
HeHe
I've spent a good amount of time this week trying to talk to end-users about this issue, and found there's a lot of background to fill in so people understand why they should care about this. Once you get through that, most have wanted to do something to at least prevent themselves from being affected. But it's a lot of work explaining the background over and over again. In some cases, to people who should know better, including CEOs of medium sized telcos. What I did do is put up a really short explanation of the problem and of three recourses-- the petition, the ISC patch for BIND, and reconfiguring a PC for using OpenNIC DNS servers. I'm open to revising and/or expanding it if people can provide more information that I've left out, although I've tried to keep it short. The item is here: What Is SiteFinder, And Why Should I Care? I did this primarily for my own clients, but it may be of use to others. YMMV.
I made a web page that catalogs the reasons why I think that Verisign is wrong in itroducing *.COM and *.NET wildcard A records: Verisign NET and COM Wildcards Considered Unethical.
-- Stanislav Shalunov
If they want to claim this is unfair business practices and illegal, they'll be opening themselves up to a counter-suit from www.register.com etc.
I control three domains that are currently registered with Versign/Network Solutions. Does anyone have good recommendations for alternative registrars that I can transfer these domains to?
If the net does become a "corporatized, regulated, annoying piece of crap" then we can get back to the way things were before - and I'll finally have a reason to dust off my BBS and rejoin FidoNET. :)
when you see comments like "appoint a panel of experts" you just know there will be lots of bits printed, lots of blustery speeches, strongly worded condemnations, etc. and when it's all over, absolutely nothing will change.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The bottom line is that when Verisign proposed to manage the TLDs, this sleazy hijacking of the domain null space was not part of the proposal. This is the same sort of liberty that NSI took when they arbitrarily decided to charge for domain names after they were awarded a contract funded by taxpayer money to manage the TLDs. Since day one, Verisign/NSI has been anything but covert over the fact that they were the fox guarding the henhouse.
In this latest act of cyber rape, the Sitefinder service gives Verisign yet another unfair advantage over all other registrars, which flies in the face of the ideals upon which the system was designed.
As angry as people may be towards Verisign, their true frustration should be directed towards ICANN, whose purpose is to ensure a fair and mutually-beneficial management of the TLDs.
ICANN has failed miserably.
ICANN needs to be dissolved.
A new organization with more honorable intent, control and responsibility should be created.
The entities that manage the TLDs should ideally be prohibited from being in the registrar business. This would level the playing field.
Mail? Put "slashdot" in the subject to pass the spam filters.
...it's actually a requirement at law in certain jurisdictions. The idea is that they're CLEARLY MARKING THEIR DISCLAIMER OF SUCH-AND-SUCH, and not tucking it away. I'm sure boldface (or proper small caps) would be just as legal but all caps is the tradition (and boldface isn't always available).
Okay, sure, we can work around this with routing. But why not flood VeriSign with work?
Call: 0800-032-2101 or email sitefinder@verisign-grs.com
Tell them you will NOT accept their Terms of Use. Write it in your own way, we don't want them to be able to autoreply on anything, use your own subject, own text.
Let's give VeriSign some work keeping their "service" operational.
It's only fair. They're stealing both our bandwidth and our time.
Background::
Now, I did this in a slightly different way.According to http://www.theregister.co.uk/content/6/32872.html
"However, it seems that the T&C's might help us to stop this abuse. If you do not agree to the T&C's the only option they have is to not redirect your netblock to their site. So, give them a call on 0800-032-2101, select 2 to speak to their support department and once you get a human, tell them that you don't agree to their T&C's and can they remove your netblocks! "
I first contacted VeriSign Norway, who replied that I should contact sitefinder@verisign-grs.com .
I just sent the following email to that address:
Subject: Sitefinder - I do NOT accept Terms of Use.
" With this I give official notice that I do NOT accept any part of the Terms of Use of your Sitefinder "Service". A "Service", I might add, which I consider theft of my time and bandwidth.
Since using your "service" is not voluntary in any way, I demand you either close down your service, or find some other way in which to exclude the places from where I use the internet from your "service".
Contact me on if you have any questions.
- Tor Pettersen"I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
If you look at the TLD Sponsorship contracts on the ICANN site you'll see that some of the things a TLD Sponsors must do are...
Produce an accurate count of domains.
Pay a per-domain fee to ICANN.
It will be interesting watch the money.
I guess they make at least one exception in their wildcard implementation. verisignsucks.com does not resolve.
Hmmmm,
J
Why cant we just bring a community based replacement service online and blacklist verisigns root dns services?
This was a real question from a job interview! Q: What area of programming do you consider yourself not to be good in?
Is there any (legal) remedies that we as (US) citizens can take to punish verisgn?
If I register a domain containing some big company's trademark pointing to some random site, people usually get up in arms. Isn't it a trademark problem if "http://microsoft-sdlkfjr.com" or "apple-sldkjflskj.com" or "http://coca-cola-sldkfjjs.com/" take me to VeriSign's site? Or is it suddenly OK if you do this by the billions and do it for commercial gain?
(Incidentally, one big problem with the SiteFinder service is that it takes forever to come up with its answers.)
I think it's a miracle they didn't put banner ads and pop-up/under ads on the things.
(We still need to kill them, though. That's a given.)
I had a sucky sig.
Verisignsucks.com is apparently already registered
I have 3 times tried to register this non-registered domain, and the first 2 times were denied without cause. finally took on the 3rd time though..
I have never been denied registration of a valid non-registered domain before.
Can anybody figure out why?
anyways, I think it's up now.. (as soon as I fix the DNS)
LostboyTNT MercyHosting.Com
Server-Status.Com
50Bux.Com
TLDR.Com
yeh, we've already been through that..
6 025 )
;)
( http://slashdot.org/comments.pl?sid=78846&cid=698
it's a software thing, that you can change from tools, options, advanced turn off 'search from toolbar'
there are also other TLD's who have done this, but none to this extent. none that screw up the internet the way verisign has.
http://verisign-sucks.net
LostboyTNT MercyHosting.Com
Server-Status.Com
50Bux.Com
TLDR.Com
you should have replied with that question
in the other thread that the parent stole
his comments from. (read my other reply)
And no, we'd be just as pissed if the DNS
failed resolves went to google. It sounds
like a cool feature if you could optionally
enable it in your browser, or by picking a
special DNS server.
Fuck Beta. Fuck Dice
Put the following line into a bat file in your Startup folder:
route add 12.158.80.10 mask 255.255.255.255 some-nonexistent-ip-on-your-lan
Alexa Review
Give them negative reply!!
If Verisign can't play by the rules and/or play nice then yank the TDL. Remove their administrative control quickly. I don't have time for corporate greed breaking dns. A sendmail guru once told me that "dns is like air. you poison the air and everything dies."
Today, while doing an nmap of my machine to look for security faults, I
accidently mistyped my domain name (instead of my domain name, I accidently typed
"klsdjhfskjdhfkjshdf.com") and got an nmap of sitefinder-idn.verisign.com:
$ nmap -P0 klsdjhfskjdhfkjshdf.com
Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on sitefinder-idn.verisign.com (64.94.110.11):
(The 1510 ports scanned but not shown below are in state: closed)
Port State Service
23/tcp filtered telnet
25/tcp open smtp
79/tcp filtered finger
80/tcp open http
135/tcp filtered loc-srv
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp filtered snmp
162/tcp filtered snmptrap
514/tcp filtered shell
4444/tcp filtered krb524
Interesting that they have an open SMTP port. Any message sent to an
incorrect email address will end up in verisign's mailbox. Verisign is
intercepting your misaddressed email. Are they reading it?
The SMTP daemon running on the sitefinder machine appears to be a custom
SMTP implementation:
$ telnet alskdjklajsdlkajsdkljds.com smtp
Trying 64.94.110.11...
Connected to alskdjklajsdlkajsdkljds.com.
Escape character is '^]'.
220 sitefinder.verisign.com VeriSign mail rejector (Postfix)
The "VeriSign mail rejector" rejects any message sent to it with reason 550:
<mrbiggles@lasdkjalskdjlaksjd.com>:
64.94.110.
Remote host said: 550 <unknown[xxx.xxx.xxx.xxx]>: Client host rejected: The domain you are trying to send mail to does not exist.
Giving up on 64.94.110.11.
It does this whether the domain you are trying to reach actually exists or not.
(Hey, at least it's not an open relay!)
In this case it was the US National Science Foundation under the aegis of Don Mitchell. He didn't mind subsidizing domain and ip registries for a then-yound Internet but refused to pay for every company.com that wanted a name, especially after *that* wired article.
.COMmerce (who pretend ICANN is in charge)
So the NSF asked the Federal Networking Advisory Councel what to do; they advised the NSF to tell NSI to charge for domains and so it happened.
I hate NSI as much as the next guy, but we should at least be accurate; it's interesting to note NSI has never set prices, they're always told what price things will be. First by the NSF and these days, by the US Department of
who modded that?
DEAR PAUL
MY NAME IS RUSSELL LEWIS AND I POLITELY REQUEST YOUR ASSISTANCE IN RECOVERING US$100,000,000,000 FROM WEB ADVERTISING SALES IN THE NEXT MONTH. MY COLLEAGUES AND I HAVE DEVELOPED A SYSTEM TO GET 1 PENNY FOR EVERY MISTYPED DOMAIN NAME ON THE INTERNET.
I AM PREPARED TO GIVE YOU $1,000,000,000 OF THE REVENUES IF YOU PROMISE TO LET ME IMPLEMENT MY SYSTEM. PLEASE SEND YOR BANK ACCOUNT NUMBER AND I WILL SEE THAT THE MONEY IS DEPOSITED TO YOUR ACCOUNT IN SHORT ORDER.
THANK YOU,
RUSSEL LEWIS
EXECUTIVE VICE PRESIDENT, GENERAL MANAGER
I think that all developers that own applications that rely on domain queries for any sort of validation should Sue Verisign. And any users that own license to any such applications should also attempt some sort of class action suit against them as well. I am not a lawyer, but I think that there are enough grounds for judicial action
Sorry, I never read any RFC's on DNS since I essentially never had any need for the knowledge.
But doesn't this hack have some possible negative complications?
This is a thought up example:
Joe A runs a bind server on his network and installs the 'no-sitefinder'-patch on this.
His own dns is a subdomain of a domain he owns.
His ISP runs the authoritative server on his domain, his own bind server is authoritative on his own subdomain.
He wants to check his own company website (which obviously isn't the subdomain) - bind would look up the next level DNS server (isp level) - this returns the A record for his domain since it is authoritative - he's own bind server says "hey you didn't tell me which server is authoritative" and returns NXDOMAIN to the client.
---
I know I might be stretching a bit, but isn't this essentially possible in different combinations?
Atleast it would be if I understood this correctly, and that wouldn't really be helpfull either then, since it just breaks something else.
yeah? soooooooo...
like I said, it's registered.
LostboyTNT MercyHosting.Com
Server-Status.Com
50Bux.Com
TLDR.Com
Well, actually I care about privacy, but thats not why I am posting. I see both power-users and eventually all users getting mightily annoyed by the fact that their web browser can now no-longer determine whether a typo has occured or not, and control the response.
Of course there are many options. Power users for example might prefer a short neat error message, either in-page or pop-up. Newbies might prefer a search service. What happens should be determined at the browser.
I once taught a class on searching the web, one of the challenges during that class was explaining that when the user mistyped a search engines address and still got a search engine that something bad had happened, and they needed to correct something. This is "Service" is very confusing and time-draining for all parties.
You might also ponder the problem of explaining why they now have a picture of Pamela Anderson and Tommy Lee getting down on their screen, in a public educational facility, having only done exactly as I told them (or so they think at the time).
In short, Verisign have done a wrong doing by extension the fundamental problem is that domain registration agencies (at all/any level) need to restrict the practice of re-directing typos, so that users are in control of their PCs, bandwidth and personal data, and so that educators and sys-admins have sufficient control to set up their browsers in the most appropriate way for the environment.
Regs GJ
127.0.0.1 sitefinder.verisign.com
this will screw up the "redirect" system. But SiteFinder can still send you a cookie. So go into the edit-preferences-Privacy & Cookies. Put a checkmark on "Ask me before storing a cookie". And before editing HOSTS file go to http://www.techhtv.com and when the "cookie confirmation" prompt window comes up put a checkmark on "Use my choice for all cookies from this site" and then press DENY. Everybody should do this. Best way to fight back against Verisign for the moment! For IE setup go to http://www.pcmag.com/article2/0,4149,1274644,00.as p
All technology emerges from the "supreme will" of man to become GOD!