Slashdot Mirror
The Five Levels of ISP Evil
schwit1 writes "Recently a number of ISPs have been caught improperly redirecting end-user traffic in order to generate affiliate payments, using a system from Paxfire. A class action lawsuit has been filed against Paxfire and one of the ISPs. This is a serious allegation, but it's the tip of the iceberg. I'm not sure if everyone understands the levels of sneakiness that service providers can engage in."
If so, where do I sign on to the lawsuit for fraud?
My old ISP switched its DNS to OpenDNS, which wouldn't be so bad except they gave no way to opt out, forcing users to wait forever, and see ads on 404s. They also, for a while, blocked any URL with ".src" in it, which blocked java games that contained ".screen" such as playsite.
But decided that I had nothing really pertinent to say--ISPs doing evil? That ranks up there with Banks collecting money and M$ collecting technology--happens every day but no one really cares unless it hurts them directly... ...huh, guess I did have something to say...
Your ISP is, should it be in their financial interest, the 'man in the middle'. Every attack that involves one of those could involve them. Game over.
Ya - fuck you too! how easy is it to find an alternate ISP you moron
I'm on Charter and I've most definitely been randomly redirected to Charter's internal search page for no good reason. The last example of this I definitely remember is when I tried to visit www.gimp.org and instead I was sent to Charter's search page. Charter's search then displayed www.gimp.org as one of the search results. When I clicked on the search result I was sent to www.gimp.org without any further issues. This tells me there is no technical difficulty at all, it's just a corrupt tactic being used by Charter to try to milk their customers (as if they need even more profits, as being being a one of the companies in a duopoly is just not good enough for them).
Fuck everything about this practice.
Most markets in USA have either an effective monopoly or a duopoly when it comes to ISPs. Or otherwise we have options that cost 3-5 times over the fair market rates which do not even try to compete for the residential dollar.
http://www.dslreports.com/shownews/Two-ISPs-In-A-Market-Does-Not-Mean-Theres-Competition-107517
Ah, the familiar stench of somebody who doesn't even know what conditions 'free market' implies; but attempts to passionately defend them...
Evil is going the way of Fascist. It lost meaning and it doesn't insult anyone any longer. I blame the leftards, mostly.
There is no such thing as a free market for ISPs. Talk about a fucking idiot.
Bryan
You do realize the article is external and not "written by Slashdot", right?
You do understand the "evils" listed go beyond just "involving money" to serious issues concerning privacy, the integrity of web systems, etc., right?
You do realize you don't ever have to read Slashdot if it angers you so, right?
Yeah, that's what I thought.
Thought thinks itself.
How about, instead of something nebulous like points, we describe an ISP's level of evil by the number of years in prison an individual hacker would get if they got caught doing the things these corporations do to traffic passing through systems they control.
I have it, and they have solemnly informed me that there is no way their business customers can opt out of the evil Domain "Helper" Service. That came all the way from some vice president's office in Philadelphia after I spent two weeks on the phone with them about a year ago. Since they were kind enough to send their apologies via SnailMail, I wrote back and solemnly informed them that I would never, ever click on one of their sponsored links, and that if I ever saw that page, I would shut the browser window immediately. It wasn't much--the equivalent of throwing a spit wad, but they know how pissed off I am. I know I can make other DNS arrangements. It's about 87th on my list of crap to worry about.
"Here's what's happening. You're starting to drive like your Dad..." - Red Green
Where does the money the ISP makes come from? In the example, Amazon. Affiliate pumping is essentially a way to steal from online retailers, and I wouldn't be surprised if it was in some way a form of actual fraud. It does hurt you indirectly, when those retailers have to raise prices to compensate.
The stupidest thing you can possibly say to this story is "everyone is doing it." Do not lend legitimacy to evil.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
still showing up here there & everywhere
should it not be considered that the domestic threats to all of us/our
freedoms be intervened on/removed, so we wouldn't be compelled to hide our
sentiments, &/or the truth, about ANYTHING, including the origins of the
hymenology council, & their sacred mission? with nothing left to hide,
there'd be room for so much more genuine quantifiable progress?
you call this 'weather'? much of our land masses/planet are going under
water, or burning up, as we fail to consider anything at all that really
matters, as we've been instructed that we must maintain our silence (our
last valid right?), to continue our 'safety' from... mounting terror.
meanwhile, back at the raunch; there are exceptions? the unmentionable
sociopath weapons peddlers are thriving in these times of worldwide
sufferance? the royals? our self appointed murderous neogod rulers? all
better than ok, thank..... us. their stipends/egos/disguises are secure,
so we'll all be ok/not killed by mistaken changes in the MANufactured
'weather', or being one of the unchosen 'too many' of us, etc...?
truth telling & disarming are the only mathematically & spiritually
correct options. read the teepeeleaks etchings. see you there?
diaperleaks group worldwide.
The motivation for all 5 is money. That's not what makes it evil. What makes them evil is that they are interfering with the way the internet works. If it were a phone call, they would have been jailed. But for some reason, traffic on the internet is not yet considered private use of a communications network the way the phone network is.
For us geeks, there is HTTPS Everywhere. Now how do we get my grandmother using it, or some similar form of technology to prevent tampering? Remember that it doesn't have to be some really secure encryption - even something like unsigned HTTPS is better than nothing, as the cost of performing a stateful MITM attack renders being evil far more expensive than manipulating cleartext packets.
I have more than once ended up on some stupid survey page after entering common urls...like www.slashdot.org.
AT&T
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
I would like to make it clear that NO ORGANIZATION need respond to a subpoena without a fight. There are a thousand ways that a public or private entity can get a subpoena issued for your private information. Basically, a party simply asks the court to issue one, and the court does. The receiver or other "affected parties" have every right to object to the subpoena and demand a hearing. For example, an ISP could insist on a suitable delay in order to inform the user of the subpoena and give the user the time and information necessary to fight the subpoena. If, after a hearing, the court finds the subpoena valid, it will issue a "court order," that had better be followed, or the recipient can be charged with contempt of court.
ISPs, banks, and other organization regularly roll over when issued subpoenas, coughing up all the customer's information without giving the customer the opportunity to respond and object. The underlying issue might be a nasty divorce, an evil contractor, a whiny neighbor, or a gov't employee fishing for glory. Most large organizations have some small print in their terms of use or account contract that says that the customer gives up the right to question subpoenas and that the organization will obey subpoenas no matter who they are from without first warning the customer.
I know personally of one organization that holds private customer data and simply ignores all subpoenas. They have received hundreds over the years, but not a single court order. So those lawyer types and account PR people who say they "have to" obey subpoenas are not telling the (whole) truth.
Note that attorneys and medical provides have "special rules" protecting client information. Funny how that works, huh?
For people who care about privacy, many of us would pay a bit extra for service from an organization that promises to put our interests first.
Disclaimers: (1) IANAL, so by definition, "this is not legal advice." Consult your attorney. (2) Some subpoenas require secrecy, and there are homeland defense subpoenas that are different, but these types are actually rare.
I will create a sig when innovation restarts in the U.S.
It's not just that it shows ads, it breaks lots of internet services.
People seem to forget that the web isn't just HTTP, and there are quite a few other things that do DNS lookups. And weird stuff happens when a name that doesn't exist resolves, and the connection is directed to an ad server.
"What you do online is private!" If only. If only.
It doesn't make a difference whether my ISP or some random web site gets the affiliate bonus. If there's something that can kill the affiliate system and the opinion and review spam that it produces, I'm not going to get in the way. The enemy of my enemy, you know...
It's hardly surprising, most people don't know that the web isn't just Facebook and that "Goggle" page you type Facebook into to login.
Ad swapping likewise doesn't hurt me and benefits my ISP, so the traffic manipulation is why it's bad and that's it. I filter ads anyway. It's #4 to me.
This does hurt the user, eventually. If the sites you use rely on ad revenue to stay in business, and your ISP replaces their ads with their own to steal their revenue stream, those sites lose money even though they served you their content, and eventually may go out of business because of it. Unless you prefer ads for male enhancement pills to the content you were originally trying to view. You could even argue it's illegal and/or violating the TOS of the original website for modifying and hosting their copyrighted content...
Also, Improper DNS NXDOMAIN handling is the basis for Affiliate Program Pumping, just a more insidious version that basically steals a cut of revenue from a retailer without your or their permission or knowledge. It's a superset, so how can it be less of an issue?
I remember when news broke of a user tracking software (Phorm) built right into the ISP's servers (BT). No BT broadband customers were informed of such online tracking and there was no opt out (later on, a cookie opt out and then trials ended). UK law officials/regulators did nothing to punish BT: CPS: We won't prosecute over BT/Phorm secret trials!
Look, I hate this shit as much as anyone. But these ISPs are private companies, and as such, should be able to do whatever they want (to include destroying themselves). If they act like fuckheads by violating the privacy of customers, then customers should (and will) go elsewhere. What, they're the only broadband ISP in your area? Sorry, but you don't have the *right* to broadband on your terms. If enough people stand up to the bullshit by canceling service, they'll change their ways or be destroyed. The [free] market always sorts these things out.
But if you wish to use the power of the government to get your way, then you've destroyed the idea of the free market, and it will *always* come back to bite you in the ass, and you will get what you deserve.
People keep using the word "evil" in reference to corporations and it sickens me. It weakens the meaning of the word because, in a vast majority of cases, the corporation in question isn't "evil". They may be dicks or nasty or mean or "not right"but "evil" is a powerful word that applies to very specific situations. In almost every case where I see someone describing a corporation as "evil", I immediately ignore everything else the person has to say - if they can't understand how to properly use the word "evil" then they clearly can't form an opinion worth listening to.
You may not like ISPs dicking with your service in the quest of profits but that is far, far, far from evil.
Please, if you're going to use the word "evil", make sure that you're actually describing something that is evil.
I mentioned that I filter ads, so it really doesn't matter whose ads I filter. Ad swapping is most definitely illegal here, because of the part where it requires traffic manipulation. That's not the point. I think it's less evil, not less illegal.
Improper DNS NXDOMAIN handling is just one way of implementing affiliate program pumping. An ISP can transparently hijack all HTTP traffic to retailers and redirect you through affiliate URLs. Doing that with a transparent proxy is much more effective and it doesn't affect other protocols, like NXDOMAIN highjacking does. There's also the part where it damages the affiliate ecosystem, which almost eliminates the evilness.
Comment removed based on user account deletion
That $60 that I spent on VPN service is looking better every day.
/Minor moderation fix/ Sorry, miss-clicked an option in my mod drop-down - just cleaning it.
"Most people" are willingly utter retards. News at 11!
Next: Water is still wet! Stay tuned!
What other protocols does the web run on? Or did you mean the Internet, which is not just the web, and uses all sorts of other protocols, some of which involve DNS lookups?
I probably wouldn't care too much as an end user. And not being hurt directly, it might be difficult to make a lawsuit out of it even if I cared. What damages to claim?
Amazon, however, might have reason to take this to court. They also have much more resources to fight out a lawsuit. Which does, unfortunately, make a difference.
Maybe some state attorney who has a clue about the internet might also be interested, but don't hold your breath for that.
C - the footgun of programming languages
... And yet another reason why I am so glad I use sonic.net as my ISP. I've been with them since the 90's when they were a small county wide internet service provider and they've always been great. Sure I could spend 5 dollars less a month (or maybe even more) with comcast or AT and T but it's worth it to me that my money goes to a company that treats its customers so well and actually gives a rats ass about my privacy rights. About once a quarter I get an email from these guys discussing proposed legislation that threatens my data privacy rights along with suggestions as to what I can do about it. Absolute love it.
If you live in Northern California you'd do well to look into them for your service.
I ignore Anonymous Coward posts. If you want to discuss something, that's awesome. Log in.
NXDOMAIN problems are less evil than swapping ads? a intelligent person will block ads anyway.
Then there is Mediacom. Without telling anyone they now have a "3 strikes" policy -- but their IPcustomer database is scrambled, so in actuality they just randomly shut off people's connections. (This is what made me drop them, when i actually stopped doing any torrents and still got shut off, then found out it was not even for anything I had ever transferred, and the IP address was never mine.)
Mediacom do NXDOMAIN hijacking.
Mediacom injected ads onto the Google page, among others, advertising their phone service. They stopped this after site owners threatened lawsuits.
Mediacom do *404 hijacking*. They redirect some 404s (aka page not found) to the same junk page they redirect NXDOMAINs. I thought several sites had dropped off the face of the earth (at least the DNS failed), when it turned out they had just reorgranized the sites and Mediacom had hijacked the 404 responses. As a bonus, the opt-out page (which is at least the kind that affects the whole connection and not the broken "oh we'll set a cookie" type) does not work for 404 hijacking. Within the last week, I did see 404 hijacks stop, so I don't know if the "opt out" started working or if the threats of lawsuits from site owners persuaded Mediacom they cannot pull people away from valid sites, or if the hijacks are simply intermittent.
Use alternate DNS.
This is exactly the kind of asshattery that poses a huge problem. Another example is the fucking "click to access the Internet" pages on networks that won't route your traffic until you run a web browser and click on the thing. The idiots that use those kinds of systems almost make me want to set my iPod or other device to randomly send dissociation packets to any wireless packet it sees while I'm in those places.
It's nice to see people complaining about things ISPs do that are really worth complaining about for a change. I've been tired of hearing people on /. and elsewhere whining about ISPs charging for bandwidth usage ("All customers should get unlimited plans rather than per-GB rates, because bandwidth is free, right? It's so unfair that it'll cost me extra money to download all my dozens of GB of pirated movies!").
The motivation for all 5 is money. That's not what makes it evil.
I would say it is, the greed of corporate USA is the only driving force of practical every market segment. Even basic needs like health, food, education and sanitary have parasites draining money as fast as possible and still not satisfied. It is the same in any market, profit by any means is the order of the day. There is nothing you can do because the government is in on the action as well and most people are too ignorant to care.
=> route through Tor using a local DNS proxy (TorDNS, Privoxy) possible on all major OS even without routing all traffic through Tor which e.g. makes it hard to use Google)
However, I know nothing about the DNS hijacking popular Tor exit nodes might be subject to.
Any better suggestions?
"I love my job, but I hate talking to people like you" (Freddie Mercury)
Would you go so far as to say that the "leftards" are EVIL?
Ah, the famous "-1, disagree" moderation...
Riddle me this, batman:
What about the sites that ARE supposed to be getting these affiliate bucks, but instead it goes to the ISP? If enough ISPs do it, those websites lose support and go bye-bye. THAT would personally affect you.
Evil is whatever I say it is. Anyone who claims that it is something other than what I claim it is is factually incorrect (some magical being whose opinions override everyone else's for some reason told me that my morals are correct)!
Filthy, filthy copyrapists!
I'd say it's more of a potential loss of potential profit than anything else.
Filthy, filthy copyrapists!
Until opt- in is a law, nothing will change. It just that simple. There is nothing to force them do even ask our permission so they will continue until forced otherwise. How many more lessons do we need? The telemarketers are still in business and they went down screaming and kicking they would all die off. Now say after me laws can be a good thing too.
Jack of all trades,master of none
Anyone care to pay for a GOOD Open VPN? There are sneaky SOBs that offer free trials on pptp account (requires you run their binaries) (HA- HA-HA) and THEN there are openvpn accounts. They cost a little, and the good ones change your DNS - so your ISP has no IDEA what you are up to. You connect via IP number, and the rest is hidden - all of it. ...cm
I even apologized to the site I posted it to. This was about
a week ago.
----
Start of groveling
"The link I provided had a prefix that changed each time it was
used, I apologize for that. It wasn't intentional and it wasn't the
fault of http://www.tinyurl.com/ apparently I picked the link from ??
(no clue) I used Tinyurl as the link split in my editor.
http://hijackthis.de/en says everything's fine on my end.
Peerblock stopped these prefix's and how I found it out
http://send.onenetworkdirect.net/z/30811/CD133407/wpfvns76cw7p&lnkurl=
http://affiliates.digitalriver.com/z/30811/CD133407/wpfvns76cw7p&lnkurl=
http://affiliates.digitalriver.com/z/30811/CD133407/1anre0fx5ksq&lnkurl=
End of groveling
After reading the article, it would appear I must of missed a letter or
two in the original link.
Client of mine was having bad internet problems on Comcast. Investigated and solved by putting openDNS into the router config and making sure all machines were on DHCP. It wasn't redirecting search results, at least not that I saw, the comcast DNS were just unresponsive.
Step #1 to have good internet is not to use the ISP's dns servers. EVER. Just sayin.
Flappinbooger isn't my real name
Scenario: 2 PC's. One using my ISP's DNS servers, the other using Googles DNS servers.
Last week I couldn't get to google.com. I typed it into the browser, and my ISPs search page came up with the search done for 'www.google.com'. Click on the ISP search link, it NEVER COMES UP and eventually times out.
At that moment, I switch over to my PC using Googles DNS servers, type in 'www.google.com' , it pops right up.
If they're doing it with a site as big as Google, what about all the smaller inconspicuous sites that get medium to very little traffic. This is the kind of shit that makes me want to drop them that moment. I already pay my ISP for connection to the Internet. They sure as hell shouldn't be screwing with my site requests just so they can make a few extra bucks off me.
And just so you know, my ISP is SUDDENLINK in Texas! Greedy Fucking Bastards!
It's not just that it shows ads, it breaks lots of internet services.
People seem to forget that the web isn't just HTTP, and there are quite a few other things that do DNS lookups. And weird stuff happens when a name that doesn't exist resolves, and the connection is directed to an ad server.
Like what? How many services have some important logic branch at not able to resolve a host name as opposed to not able to connect to a port?
What I want to know is why owners of web sites who's ads are being replaced by ISPs dont sue those ISPs for copyright violation (IANAL but it seems like its a clear case of copyright violation to me)
For example, Google should sue any ISP where there is proof that said ISP is replacing Google ads with ISP ads. If enough companies sue enough ISPs over ad-replacement practices, ISPs will have no choice but to stop if they dont want to be sued.
Screw your ISP's DNS servers. Just do not use them . Join OpenDNS. It's free. Then, use their DNS servers (208.67.222.222 and 208.67.220.220) instead.
Granted, this won't stop weird stuff happening if you mistype a domain name in a URL. But, AFAIK, OpenDNS doesn't serve up a page of affiliate links (they do serve up a list of links, but the spellings are obviously close to what you misspelled/mistyped -- once you switch to OpenDNS, try going to this site to see what I mean). And they definitely do not change links or banners in Web pages.
To somewhat get around the misspelling issue, use your hosts file. If you consistently misspell/mistype a domain name, enter that misspelling into your hosts file mapped to the correct IP address. Indeed, you could enter a whole group of likely misspellings for a domain name and map them all to the correct IP address. You're address bar will start to act like Google's search bar. Better yet, proofread what you've typed into the address bar before hitting or clicking Enter. Wait, this is /. Never mind... ;-)
If you use a hosts file like the one provided by winhelp2002, you will also be protected from a large number of malware/tracker sites. The hosts file you can download from winhelp2002 maps the domain names of known malware/tracker sites to 127.0.0.1. And, they update the downloadable hosts file regularly. Again, a free service.
One "Aw, Shit!" is worth 100 "Ata boys!"
A lot of these things are more than just NXDOMAIN hijacking. I run my own dns which does not use my ISP's servers anywhere (mediacom) and yet some 404s and other server errors get me redirected to their search including some pages that work just fine. assholes.
I've noticed with mediacom that if you use NoRedirect setup properly on Firefox it will show a DNS error for nonexistent domains and you can set it to block the redirects for searches and 404s as sometimes (not all the time) they include the page content but just change it from a 200 to a 301 redirect.
Of course, this wouldn't really matter if they didn't reset the opt-outs every month.
The article doesn't say which ISP's are being accused of this?
Anyone have a list?
Evil #5 includes domain name servers (DNSs) that redirect you to a commercial site when you have requested a non-existent domain. My ISP is Road Runner, whose DNSs do this.
I use GRC's DNS Benchmark to find publicly-accessible DNSs that do not do this, that have quick responses, and that have low error rates. I then change my Internet settings to use those DNSs. I rerun DNS Benchmark about once or twice each month, updating which DNSs I use. These reruns are necessary because the quality of DNSs -- timing and error rates -- is not constant; it varies with time.
See DNS Benchmark at http://www.grc.com/dns/benchmark.htm.
All whistleblowers have some "vested interest". It's not like the article's author can collect money for internet service to ALL users on the planet who read his article. What matters here is that this guy is NOT my ISP, and by logic, ISP's, including mine, had a "vested interest" in keeping quiet about all those practices that this one ISP is denouncing.
How about ISPs that start lawsuits against cities wanting to build their own municipal fiber network, then keeping them tied up in court while they build their own network?
Customers aren't the only ones filing "stupid" lawsuits.
The second amendment only had relevance when The People had access to the same weaponry the government had. Sure The People could rise up with their hand weapons and rifles... Only to be put down by hellfire missiles and State of the Art armored vehicles. Yeah...you can count me out too.
Windows assumes you are an idiot...Linux demands proof.
Everything will be good...
Oh, the beautiful gloss of greality!
"... another revolution.'
It may not be as far away as you may think. The people that control this country have become overly complacent about how much actual control they have over the people. They believe that they have all the guns because their most vocal supporters brag of their gun ownership and ability to use them. They forget...this is America, we all have guns.
Just because people are quiet, doesn't mean they are not seething and just about ready for a spark. It could happen here as well as Libya and Egypt. Just look at Great Britain the last week.
NXDOMAIN hijacking is the bane of my work existence. I have had to deploy a simple script to edit the HOSTS files of users who use one of our web based applications over VPN. Most of the time it is simple "run this, then everything will work." The other one percent of the time I have to try and explain that due to your garbage ISP, and how our network admin set up vpn, your requests aren't being handled properly to a set of users that uses the following keystrokes to type 'A' CapsLock, a, CapsLock.
The person who invented NXDOMAIN hijacking should be shot in the kneecaps.
Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:
Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/
(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)
HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")
HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!
(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)
ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!
( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...
STILL, DNS HAS PROBLEMS... MANY PROBLEMS OVER TIME & EVEN RECENTLY BEYOND THAT OF THIS ARTICLES' POINTS:
---
BIND vs. what the Chinese are doing to DNS lately? See here:
http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders
---
SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:
http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/
(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)
---
DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):
http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/
(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)
---
Moxie Marlinspike's found others (0 hack) as well...
Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...
(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack
I guess my ISP is not so bad after all.
I've heard about it breaking printers too. Automatic firmware updates - they try to contract their long-abandoned firmware server, get a fake server instead, download the page filled with ads... fortunatly arn't so stupid as to write it into firmware, but stupid enough to lock up and can only be fixed by rebooting them without an internet connection.
Someone needs to start a new ISP, one that will hopefully have global appeal at some point. Its selling point would be that it:
I have no illusions that such an ISP wouldn't be for everyone. Some folks don't have a problem with be used by governments or corporations like cattle. This is for folks who actually give a damn about their human rights, and demand to be treated with some modicum of dignity and respect. People for whom the word responsibility occur as less a curse, but more an opportunity.
Its fair to say that the network has become our most vulnerable aspect to modern life, because greedy and stupid people have traded our sanctity for their benefit. We need to take back what is rightfully ours and nobody elses.
In the old days the regime had to put people in the gulag to stop them revolting. That or kill them.
Today it is very different. With the technology we have today the people in power have the ability to monitor the population and keep tabs on what people are doing, thinking and planning. They can undermine the opposition's plans and disrupt organised groups. When all money transactions are electronic nothing you do will be anonymous. When all communication is electronic nothing you say or think will be anonymous. When all travel requires an electronic identity tag nowhere you go will be anonymous.
It already happens. Buses and trains have been cancelled or redirected to prevent people reaching protest sites. Cell phones have been disabled to prevent communications. The logs of electronic money transactions are routinely used in court cases as are email and cell phone logs.
When there is no anonymity opposition becomes and easy thing to deal with. Internet connections can be cut, mobile phones can become inaccessible, access to the news can disappear.
It's not messy. In fact it is very neat and tidy. You can still go on protests because that provides entertainment. You can still write to your 'representative' (as if they cared). You can still think that you have some say in things because you can still vote - for the representative, not on the legislation itself mind you.
The powers that be no longer need summary executions and gulags. They have got you right where they want you, out there working hard being monitored and under their control.
Sure you can still quibble about the details of this capitalist society but if you think you the system will let you stop it being capitalist you are surely fooling yourself. There are too many vested interests.
Now, get back to work, pay your taxes and shut up.
If a web site loses referral revenue and has to shut down, I say good riddance. You're right: It would personally affect me if those web sites shut down - positively. I prefer to get my shopping tips from people whose opinion does not depend on bribes.
Sonic.net was my first ISP back in '97, they offered a free shell server and happened to host the MUD I was currently addicted to. They have always been an incredible ISP and a great place to work (if I could just get in there! grr) in Sonoma county and all over California. I'm always glad to see Dane Jasper on the front page of /.
640k ought to be enough for anyone.
None of this is new news.
About 5 years ago I noticed my DNS requests to google being redirected through comcast servers. Since that time, I have setup and utilize my own DNS service, and now DNSSEC to make sure I get to where I'm going. In addition, I found that doing this has significantly increased the time to load any web page, effectively speeding up my browsing experience. When I started working for my current employer, I found they were having the same issue (comcast business) and setup a DNSSEC system for them as well.
Fellow slashdotters, it would be in your best interest to do the same, and help others with lesser technical knowledge to do so as well.
oops, meant it has significantly decreased the time to load any web page not increase it. duh.
What if a common carrier redirected your parcel or
first class letter to you via an alternate carrier for profit.
Then the alternate carrier did a deep package inspection
of your commerce and sent you product you did
not order and also sold that deep package inspection
the To: and From: address info and sold that in conjunction
with the results of their "deep package" inspection.
Remember most "Mail" transport is contracted to airlines and trucking
services....
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Mark V. Shaney, is that you?
the way ISPs tap up the usage on your accounts, this is not surprising, even between themselves....in the end, all the bandwidth we use we pay for...one way or another....if everyone were to treat the usage of web like electricity rather then water, they would be more conscientious. Don't leave all the lights on in the house when you leave, only turn them on if you are using them....same with the internet. Most would consider twice before buying a hot tub due to the extensive electricity use. Same thing with big downloads....less we use, less we apy