The Cellar


SteveDallas 09-25-2003 02:33 PM

Verisign redirection and Internet Explorer
 
I just had a thought. (Scary. Maybe I'm going to succumb to the temptation and start a blog. :whofart: )

Most of you reading this probably have heard about Verisign redirecting non-existent domain names. If not, you can read up.

My thought was,

How is this different from Internet Explorer taking you to the MSN search page when you can't reach whatever web page you were trying for?

How is it NOT different?

Cam 09-25-2003 02:50 PM

Because it's not your browser doing the redirecting, it's another company. Yeah, it's ridiculous that Microsoft puts that in its browsers, but at least you have a choice to use a different browser. Now it makes no difference what browsers I use, I automatically go to Verisign's site. Of course that's only half the problem with this, it also creates other havoc in the Internet, but I don't understand that enough to talk about it.

SteveDallas 09-25-2003 03:10 PM

Yeah, but really. That's fine for you and me and a lot of the other folks here. But let's face it, for an overwhelming number of people on the Internet, telling them to install a new browser would be akin to asking me to replace the radiator on my car. Technically you're right, but for all practical purposes they have a captive audience that's very large.

Cam 09-25-2003 03:30 PM

So in reality all Verisign is doing is taking away the numerous hits Microsoft gets on its search page every day from mistyped URLs. So that's actually a good thing IMHO. Except for the other issues it causes, which are not good things.

xoxoxoBruce 09-25-2003 04:08 PM

If you mistype your URL request in Google, you'll still get there.;)

Undertoad 09-25-2003 04:34 PM

The problem with it is that it breaks the BIND protocol, which is more "infrastructure" than HTTP (which MS breaks). HTTP is only the web, BIND is the whole friggin' net and they do not get to break it on a whim in order to gain a business advantage.

Torrere 09-25-2003 05:19 PM

Well, Microsoft's IE error redirection has always pissed me off, too.

Especially when I type in "foo.org" and it sends me to the MSN search engine, asking me if I want to go to "www.foo.org".

juju 09-25-2003 11:19 PM

I can't seem to get this to happen. When I mistype a url in Mozilla I get a 404 error. What exactly must I do to get this effect?

Undertoad 09-26-2003 06:34 AM

You won't yet; Verisign has been blocked from doing it by the organization that oversees such things, but the concern is that this organization is just a mouthpiece for people like Verisign and will let up anyway.

hot_pastrami 09-26-2003 12:04 PM

Some people's concerns are security related. For instance, say a user tries to use a username and password to log into a fictional bank's website, but they mistype the URL (or maybe the URL is created improperly by a CGI or something):

https://www.fictonalbank.com?user=someuser&password=trustno1

...this non-existent domain would take them to Verisign's redirect page on their webserver, and consequently their server logs would contain the username and password to access that bank account, as well as a domain name that is easily correctable for a human. These logs aren't so hard to get to on some servers.

A similar problem is if you mistype someone's domain in their e-mail address... the e-mail will go to Verisign. Some people don't like that. Even if Verisign sends a "Mail could not be delivered" notice, are they deleting the e-mails? Saving the return addresses for SPAM lists? Who knows?

These are only two examples, there are others. Personally, I think it's a Bad Idea for them to break the way the Internet is supposed to work. It's important for web browsers, e-mail apps, ftp software, and custom apps to know when they have not reached a real domain, so they can take corrective action. Verisign's change makes that job much harder, and in some cases impossible.
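
Added example, not part of any post in this thread: one way a client can still tell "no such domain" apart from a wildcard answer is to resolve a few random names that cannot exist under the same TLD and treat any address they all share as the wildcard target. The function names, the in-memory resolver, and the documentation-range addresses (192.0.2.1, 198.51.100.7) are constructed for illustration.

```python
import secrets
import socket


def resolve(name):
    """Return the set of IPv4 addresses for name; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return set()


def wildcard_addresses(tld, resolver=resolve, probes=3):
    """Addresses handed out for names that should not exist under tld."""
    common = None
    for _ in range(probes):
        label = secrets.token_hex(16)  # random 32-char label, effectively unregistered
        addrs = resolver(f"{label}.{tld}")
        if not addrs:
            return set()  # a genuine "no such domain": the TLD is not wildcarded
        common = addrs if common is None else common & addrs
    return common or set()


def exists(name, resolver=resolve):
    """True only if name resolves to something other than the TLD's wildcard target."""
    tld = name.rstrip(".").rsplit(".", 1)[-1]
    addrs = resolver(name)
    if not addrs:
        return False
    return not addrs <= wildcard_addresses(tld, resolver)


def fake_resolver(zone, wildcard=None):
    """Constructed offline resolver: unknown names get the wildcard address, if any."""
    def lookup(name):
        if name in zone:
            return set(zone[name])
        return {wildcard} if wildcard else set()
    return lookup


if __name__ == "__main__":
    zone = {"www.fictionalbank.com": {"198.51.100.7"}}  # constructed sample data
    wildcarded = fake_resolver(zone, wildcard="192.0.2.1")
    for host in ("www.fictionalbank.com", "www.fictonalbank.com"):
        print(host, "exists" if exists(host, wildcarded) else "does not exist")
```

A browser, mail client or script that calls a check like `exists()` before sending credentials or mail can refuse to talk to the wildcard host instead of delivering the request to it.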

SteveDallas 09-26-2003 12:33 PM

The security concerns are real. Don't get me wrong, we ought to all give Verisign the smackdown on this. (And by the way, it's possible that this is not even a violation of the contract under which they operate the root servers. Just because nobody imagined to put it in the contract that they can't do it.) But it just occurred to me that to the average end user, there's not a lot of difference between the Verisign results and the Microsoft results when you type something in wrong. (I'll leave any comments to the effect that comparing a practice to something Microsoft does is hardly a ringing endorsement as an exercise for the class.)

It will be interesting to see how long the ISC delegation workarounds take to filter around.

Tobiasly 09-28-2003 08:54 AM

Quote:

Originally posted by juju
I can't seem to get this to happen. When I mistype a url in Mozilla I get a 404 error. What exactly must I do to get this effect?

You have to type a non-existent second-level domain -- the part right before the ".com".

If you're getting a 404 error, you're typing a non-existent page on a valid domain, which isn't the same thing.

Try this:
http://www.asdfinsavlinasdv.com/

And it hasn't been blocked yet, UT, at least not for me. I know BIND is planning on releasing a patch to block it, but AFAIK it hasn't yet.

Tobiasly 10-03-2003 01:50 PM

Update: ICANN has issued Verisign an ultimatum: discontinue SiteFinder, or be sued.


All times are GMT -5.