Feeds

Tiscali: breaking DNS for fun and profit

Ghosts of typo hijacking past

Intelligent flash storage arrays

Tiscali is hijacking mistyped URLs to serve to its customers sponsored links.

The ISP started rerouting DNS errors to a page plastered with advertising yesterday. An irate customer has started a thread on the firm's forums criticising Tiscali allowing a third party to pump ads for ringtones and dating sites.

A screen grab of a hijacked DNS error page from Tiscali

Tiscali: helping you on your journey

A company rep, "Mr Tibbs" (who we last met during Tiscali's marathon email debacle earlier this year), replied that the ads (pictured) were "aimed at helping the customer on his/her journey rather than getting an error page."

The customer writes: "I urge you to withdraw the service. Meanwhile, enjoy the bad publicity, and enjoy running a business based on a pathetic, seedy business model that was proven not to work back in the 1990s."

In response, Mr Tibbs, says the "service" will be opt-out, but does not provide details.

Tiscali is not the first to attempt to squeeze more cash out of internet users this way. Verisign invoked the ire of the top level domain regulator ICANN when it attempted something similar in 2003. Verisign quickly bowed to ICANN's pressure and abandoned the system.

Despite this, Orange tentatively began gauging 2007 surfers' reaction to hijacking in April.

Hijacking error pages in this way causes a host of problems for users, and is in contravention of Internet Engineering Task Force (IETF) standards. The Internet Architecture Board has a commentary here here, and Tiscali's angry customer lists a few of the practicalities in a second post to the thread.

We are waiting for more comment from Tiscali.

Expert web users will be able to circumvent Tiscali's error hijacking by using a third party DNS list, such as OpenDNS. It's relatively simple to do and has no effect on your broadband contract, so plenty of Tiscali's 1.4 million subscribers should be able to vote with their feet.®

Bootnote

OpenDNS got a write-up in the New York Times this week. It works similarly to Verisign's 2003 hijack operation, and it serves adverts.

However, unlike Verisign's wheeze, which had free rein over the .com and .net top level domains controlled by the firm, OpenDNS is voluntary, and has a much bigger web address cache than ISPs. So is more likely to find what you were looking for than serve you a ringtone ad.

Beginner's guide to SSL certificates

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.