Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reports of IE Hijacking NXDOMAINs, Routing To Bing

Posted by kdawson on from the if-I-want-bing-I-will-type-bing dept.

Jaeden Stormes writes "We just started getting word of a new browser hijack from our sales force. 'Some site called Bing?' they said. Sure enough, since the patches last night, their IE6 and IE7 installations are now routing all NXDOMAINs to Bing. Try it out — put in something like www.DoNotHijackMe.com." We've had mixed results here confirming this: one report that up-to-date IE8 behaves as described. Others tried installing all offered updates to systems running IE6 and IE7 and got no hijacking.
Update: 08/11 23:24 GMT by KD : Readers are reporting that it's not Bing that comes up for a nonexistent domain, it's the user's default search engine (noting that at least one Microsoft update in the past changed the default to Bing). There may be nothing new here.

3 of 230 comments (clear)

  1. Re:Ridiculous by Hubbell · · Score: 0, Flamebait

    It's their product, and if you input an invalid URL...their product directs you to their search engine to allow you to search for whatever it is you are looking for. How in the fuck is this wrong?

  2. RFC1034, RFC1035 and RFC2065 by Medievalist · · Score: 0, Flamebait

    Can you point me to the relevant RFC, or at least a standard from a recognized standards body which is being violated here?

    It depends on how they are doing it; if they are preventing transmission of NXDOMAIN to userland, then RFCs 1034, 1035 and 2065, mainly. Also RFC2308 and 1536 and 4074 and probably others depending on specific circumstances.

    Check out RFC1035 section 4.1.1, RCODE 3.

    It can be (and will be, right here) argued that the browser is a presentation layer tool that already exists in userland and thus Microsoft preventing users from seeing that a name does not exist (and redirecting them to an advertising engine) is not a standards violation. Certainly the behaviour of the big ISPs like Verizon and Comcast, which actually prevent the client machine from ever seeing the NXDOMAIN response, is a much more heinous violation of standards.

    In any case the expected, well standardized behaviour of DNS when asked for a non-existent name is embedded in a great deal of existing work, including user guides and scripts, which is why technically knowledgeable people are usually pretty pissed off by this sort of greedy foolishness even when it's just happening in the browser.

  3. Re:Ridiculous by mgblst · · Score: 0, Flamebait

    Saying IE is hijacking your domain query is a little like claiming the normal pilot of a plane is hijacking it whenever he flies. No, he's not, he's the pilot. It's kind of his job.

    What if he flies it to a completely different airport, under the guise of killing you all and stealing the plane? Is that still not a hijack? This is a good analogy for what IE does.