Verisign Considers Restarting Sitefinder 376
Rosco P. Coltrane writes "The Washington Post reports that VeriSign is considering reviving its infamous search engine. 'Site Finder was not controversial with users' says VeriSign's Tom Galvin, and VeriSign 'assured ICANN that it would give 60 to 90 days' warning to resolve any remaining technological problems.' Such as leaving the DNS service alone for example?"
Why is a profit-company in such a central role? (Score:5, Interesting)
You would think... (Score:4, Interesting)
The problem is, are ICANN going to back down this time and let it slide, or are they going to continue to give Verisign hell over this, and pressure them, as they should definitely do?
Are we likely to see another backlash from users and network admins?
And will there be the same sort of media coverage that basically gave Verisign quite a bad bit of PR for 2 weeks.
It seems like they have sneaked this out again with the minimal amount of fanfare in an attempt to try and stifle the opposition, but when you have so many people mistyping domains everyday, you cant really expect it to go unnoticed and not to piss people off.
the sooner (Score:5, Interesting)
Re:Why is a profit-company in such a central role? (Score:2, Interesting)
Re:And microsoft does this anyway to all windows u (Score:2, Interesting)
Take a wild guess?! (Score:1, Interesting)
Guess which site is the next potential target for the MyDoom virus??
Re:capitalism at its best... (Score:2, Interesting)
when is DDOS not a DDOS ? (Score:5, Interesting)
to a site that Does Not Exist ?
how about some scripts to pump out requests to a fairly
limited set of known to be Non-Existent domains...
could this possibly cause an interesting burden on Verishit's servers?
would the name lookups themselves affect DNS too badly to
cause innocent collateral damage? i'd hope caching of a limited
set of non-existent names would avoid much dns load.
just curious, academic musing and all that...
It very well might be. (Score:5, Interesting)
If site finder goes up.. All falied DDOS going to old domain names will end up taking those attacks. Guess verisign will be the official decoy for outdated worms. =)
Troubleshooting (Score:3, Interesting)
Re:It very well might be. (Score:5, Interesting)
Well... (Score:2, Interesting)
Re:That is pure evil. (Score:5, Interesting)
Re:Why is a profit-company in such a central role? (Score:5, Interesting)
On a similar note, how about an industry wide boycott of all Verisign certificates. The next round of certificate-extortion goes through someone else, and uninstall their root certs too - I'd hardly call them "trusted" after pulling this junk again.
it's not a lie if there is a grain of truth to it (Score:5, Interesting)
Hm, let's see:
a) Right. It just was extremely controversial with those who didn't use it (i.e. everyone else, like 99% of the Internet users)
b) Right, it wasn't controversial. Everyone agreed that it's a bloody fucking stupid thing.
c) Right, it wasn't the Sitefinder page itself that we all hated, it was Verisigns "bend over, here we come" attitude of forcing it on everyone, whether they wanted to or not.
Now that's three ways how he's saying the truth. Can't really argue with that, can you?
Sitefinder breach of contract with ICANN? (Score:5, Interesting)
"The contractual inconsistencies include, violation of the Code of Conduct and equal access obligations agreed to by VeriSign, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry-Registrar Protocol, failure to comply with domain registration limitations, and provision of an unauthorized Registry Service."
Re:And microsoft does this anyway to all windows u (Score:4, Interesting)
ObInsult: Ya Jughead!
Re:Fine, if it's within your control (Score:4, Interesting)
As for error generation, if you've got DNS redirection on your router (like on my cisco I can tell it to take one DNS name and rediect it to another, or take on IP and redirect it to a DNS name), you can redirect the DNS name to a fictional one, like
"www.this.dns.name.doesn't.exist.net.com.org.bleg
For those of you who don't have pretty routers, use the windows hosts file to do the same with DNS and IP redirection on your boxen.
I'v got a feeling that if enough admins and ISP's blacklist their domain, they'll either get the message, or start trying to change IP's and whatnot. Inwhich case I believe ICANN will get real pissed at them dodging our blacklist for buisness.
Let them. (Score:5, Interesting)
Maybe ICANN won't notice as everybody migrates away from their little empire of root servers until everybody's already used to the idea; that will eliminate the 'single point of political failure'.
Verisign is busy proving all over again that FLOSS has been demonstrating: when it comes to the Internet, the only people you can trust are everybody.
Re:Proof that some people never learn (Score:5, Interesting)
Wow, and I was just starting to forget about how much I vehemently hated Verisign. It's always good when a company reminds you every once in awhile why you believe they're completely evil.
Just a reminder to the DNS admins:
Re:Proof that some people never learn (Score:5, Interesting)
Not that I'm suggesting anything.
Re:Alternative root servers (Score:3, Interesting)
Futhermore, the administrative structure of DNS is also based on the hierarchy, and having a flat name system would cause all kinds of issues.
This would also prvent the introduction of new TLDs for fear of a name collision with the TLD itself.
*Finally*, why would we alias *.com to a TLD? Folks in, say, the UK, might prefer *.co.uk.
If you want "slashdot" to resolve to "slashdot.org", you can add it to your hosts file and get the effect without causing massive network problems.
Re:Isn't there anything we can do? (Score:2, Interesting)
Problem caused by sitefinder the first time around (Score:1, Interesting)
After sitefinder was originaly turned on, a number of players of an certain game were crashing when they entered the game's online matchmaking lobby.
Why?
The MOTD for the game was retrieved from a webserver and copied into a fixed length buffer before being shown.
At some point in the past the game's publisher started redirecting all requests to the webserver that had the MOTD page to another, much larger in size, page. Which overflowed the buffer and crashed the game.
One of the players decided to do something about it while waiting for things to be put back to the way they were. They modified one of the game files with a hex editor, munging the domain name to a non-existing one, and distributed the modified file to a number of other players.
This stopped the crashing, until months later, long after the company fixed the MOTD page, when sitefinder came along. Then the munged domain suddenly started serving up pages, and again the game was crashing.
Now granted, the problem was 100% a result of bugs in the game, but it was still triggered by sitefinder.
Makes me wonder how many other programs are out there with similar bugs.
--McVerne
Re:Why is a profit-company in such a central role? (Score:3, Interesting)
I agree with the general idea. A company who resorts to this kind of behavior is hardly someone that can be trusted. This mindset affects their DNS operations today. What other areas of their business are next?
Having said that - who is a suitable sub (it's not Thawte)?
Re:Proof that some people never learn (Score:3, Interesting)
Re:Proof that some people never learn (Score:1, Interesting)
Methinks you overestimate the storage available to them.
IIRC, domain names can be up to 63 bytes in length - even limiting yourself to case-less alphanumerics, that's 36^62 combinations - or slightly over 3 yotta yotta yotta yotta bytes (that's 3 with 96 zeores on the end.) That's the equivalent of about 87 octillion 100GB hard drives.
And that's just for one TLD (so double it for
Re:Well... (Score:1, Interesting)
Re:Alternative root servers (Score:3, Interesting)
Or you can just use Firefox. No fuss, albeit a slight delay.
Re:Well... (Score:3, Interesting)
No. The username and password are authenticated by a cryptographic challenge. The password is never sent over the channel, in encrypted form or otherwise. It's a mathematical challenge protocol which only works if both sides already know what the correct password is.
It's impossible to set up a "fake" ssh server and steal people's passwords. This was one of the design points of ssh (and any other cryptographic service worth its salt).