Feeds

Verisign backlash gathers force

All your Web typos aren't belong to us

  • alert
  • submit to reddit

Internet Security Threat Report 2014

The backlash against Verisign's controversial decision to direct users who get lost on the Web to a search engine site run by the company is gaining momentum.

Net users have set up an online petition to protest the move, which critics say is an abuse of Verisign's role as steward of the .com and .net top level domains and a violation of established technical procedures.

The signatories to the petition are calling on Net governing body ICANN to put pressure on Verisign to drop the practice which breaks technical standards affecting email services, and other Internet systems. In particular, there's concern the move will make it harder to identify spam that originates from non-existent domains. So Verisign is (inadvertently) assisting spammers bypass some filtering techniques.

(There were 12,360 signatories to the petition early this afternoon but this figure has since been reset, amid security concerns email address on the petition v1.0 were been harvested by ne'er do wells.)

Breaking standards, hijacking users

Protestors also believe Versign's move is anti-competitive. As does Florida-based 'search services' company Popular Enterprises which has filed a law suit which seeks to compel Verisign to drop its controversial Site Finder service, Reuters reports. Popular Enterprises has a history of purchasing expired domain names and directing them to its Netster search site, a practice not dissimilar to what it is complaining about.

Still the law suit has been broadly welcomed in the Net community as another means to bring pressure to bear on Verisign.

The controversy kicked off on Monday, when Verisign added wildcard DNS records to all .com and .net domains - redirecting surfers who get lost on the Net to a search page, called Site Finder, run by the company. Those who type in non-existent addresses will also be served up Site Finder, instead of an error message. Verisign isn't saying how much it expects to make from selling advertising on this site. According to Verisign, 20 million users a day mistype the name of the domain they wish to visit - so the commercial potential of Site Finder is considerable.

Techies BIND Verisign up

In response to Verisign's audacious land grab, the developer of the technology used to direct most surfers on the Web has released a workaround designed to stop users who mistype URLs ending up at Verisign's new search site.

The Internet Software Consortium, the non-profit body that develops the ubiquitous BIND domain name server, has adapted its software so that those users who enter mistyped domain names are served up with old-style error messages instead of Site Finder.

The patch (BIND 9.2.3rc2), which limits .com and .net zones to be "delegation-only" (i.e. wildcard entries a la Verisign will not resolve to anything), is explained here. ®

Related stories

All your Web typos are belong to us
Verisign DNS change broke my HP printer (letters)
BIND developer blocks Verisign Net grab move
Verisign's SiteFinder finds privacy hullabaloo

Intelligent flash storage arrays

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.