Interesting People mailing list archives

Elapsed time from hijack to fix -- under 48 hours!


From: Dave Farber <dave () farber net>
Date: Thu, 18 Sep 2003 05:38:55 -0400


Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Wed, 17 Sep 2003 23:31:51 -0400
From: David Harmon <dmh () tiac net>
Subject: Elapsed time from hijack to fix -- under 48 hours!
To: dave () farber net


>Date: Sun, 14 Sep 2003 22:31:56 -0400
>To: undisclosed-recipient:;
>From: Monty Solomon <monty () roscom com>
>Subject: Profits in Missed Exits on Information Highway

[followed by the official announcement...]

Subject: [Asrg] Verisign: All Your Misspelling Are Belong To Us
Date: Tue, 16 Sep 2003 03:10:52 +0200
From: Brad Knowles <brad.knowles () skynet be>

[he's forwarding...]
Date: Mon, 15 Sep 2003 19:24:29 -0400
From: Matt Larson <mlarson () verisign com>
Subject: Change to .com/.net behavior

Today VeriSign is adding a wildcard A record to the .com and .net
zones.  The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT.  The wildcard record in the .com zone is
being added now.  We have prepared a white paper describing VeriSign's

[But then...]

Date: Wed, 17 Sep 2003 15:58:01 +0200
From: "Remco B. Brink" <remco () rc6 org>
Subject: Evil VeriSign, patch included
...
The Internet Software Consortium, a nonprofit that publishes BIND, the software that runs many of the Net's domain name servers, has just released an emergency
patch [2] to block VeriSign's new Site Finder service.

It seems Verisign forgot that they don't actually rule the Internet!
Even given the short notice, it took an independent organization,
without government sponsorship (?) less than 48 hours to release a
change which will (eventually) kill this uber-typosquatting stunt.

This reminds me of the time back in the late 80s, when Unisys tried
to make some money from having inherited a patent for an algorithm used
in GIF image files, which had become popular. Within 48 hours (again) someone had released a modified version of the GIF standard, which avoided the patent. They also provided viewers for the new standard, and utilities for rapid conversion of "legacy" files. Unisys backed down *very* fast!

As a final shot, let me point out that Verisign's trick doesn't affect any existing typosquatters, such as those porn sites that try to put your browser into bondage. So, mistype an address today, get SiteFinder. Mistype the same address differently (or later, after a new batch of registrations), and get a sticky porn site. Hmmm....

        Dave Harmon


