Feeds

Comcast trials Domain Helper service DNS hijacker

Here to stay

3 Big data security analytics techniques

The DNS hijacker is here to stay.

When Denver-based developer Brent Gartner returned home from vacation this week, he discovered that Comcast, his home ISP, was redirecting his mistyped urls to its very own ad-laden search pages. Earlier this month, the cable giant resurrected this age-old land-grab scheme in several US markets, including Colorado, with an eye on hijacking typos across the country.

Comcast does provide an opt-out. And Brent Gartner promptly did so. But the new scheme still boils his blood. "This pisses me off as it will surely break many web-serivces, spiders, and any client other than web browsers that use HTTP," he tells The Reg. "It looks like a blatant attempt to steal revenue from competing services."

As you might expect, Comcast doesn't call its DNS hijacker a DNS hijacker. It prefers "Domain Helper service."

"Despite the fact that web addresses are easier to remember than their IP address counterparts, sometimes you mistype an address," reads a company blog post. "Normally, you then sit and wait for the Web browser to time out, then you receive an error message that the site does not exist, and then you have to retype the correct address.

"With the Domain Helper service we are testing now, we will instead help direct your Web browser to an easy-to-use page with suggestions and links to get you back on track. We also provide a seamless search experience on this page, which is powered by Yahoo!, so you can find relevant search information, or simply perform another search."

And no doubt, when you click on Yahoo! ads, Comcast takes a cut.

The, um, service is currently under trial in Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington. But other markets can expect some hijacking in the near future. "The goal is to roll it out nationally when we’re done testing in these initial markets," a company spokesman tells us.

Countless other ISPs have introduced similar schemes, including Charter, Cox, Earthlink, and Verizon. And some, including California-based ISP DSL Extreme, were forced to reverse themselves in the face of user complaints.

Famously, VeriSign once tried to hijack typos as a top-level domain operator. And it backpedaled, as well.

Comcast has at least been open about the matter - while providing an opt-out. The company has also submitted a whitepaper on the operation to the Internet Engineering Task Force (IETF), available here.

The ISP does not prevent the use of the third-party DNS servers - though it was falsely accused of doing so earlier this year. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE & Vodafone will let you BONK on the TUBE – with Boris' blessing
Transport for London: You can pay, but don't touch
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.