Feeds

Comcast trials Domain Helper service DNS hijacker

Here to stay

SANS - Survey on application security programs

The DNS hijacker is here to stay.

When Denver-based developer Brent Gartner returned home from vacation this week, he discovered that Comcast, his home ISP, was redirecting his mistyped urls to its very own ad-laden search pages. Earlier this month, the cable giant resurrected this age-old land-grab scheme in several US markets, including Colorado, with an eye on hijacking typos across the country.

Comcast does provide an opt-out. And Brent Gartner promptly did so. But the new scheme still boils his blood. "This pisses me off as it will surely break many web-serivces, spiders, and any client other than web browsers that use HTTP," he tells The Reg. "It looks like a blatant attempt to steal revenue from competing services."

As you might expect, Comcast doesn't call its DNS hijacker a DNS hijacker. It prefers "Domain Helper service."

"Despite the fact that web addresses are easier to remember than their IP address counterparts, sometimes you mistype an address," reads a company blog post. "Normally, you then sit and wait for the Web browser to time out, then you receive an error message that the site does not exist, and then you have to retype the correct address.

"With the Domain Helper service we are testing now, we will instead help direct your Web browser to an easy-to-use page with suggestions and links to get you back on track. We also provide a seamless search experience on this page, which is powered by Yahoo!, so you can find relevant search information, or simply perform another search."

And no doubt, when you click on Yahoo! ads, Comcast takes a cut.

The, um, service is currently under trial in Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington. But other markets can expect some hijacking in the near future. "The goal is to roll it out nationally when we’re done testing in these initial markets," a company spokesman tells us.

Countless other ISPs have introduced similar schemes, including Charter, Cox, Earthlink, and Verizon. And some, including California-based ISP DSL Extreme, were forced to reverse themselves in the face of user complaints.

Famously, VeriSign once tried to hijack typos as a top-level domain operator. And it backpedaled, as well.

Comcast has at least been open about the matter - while providing an opt-out. The company has also submitted a whitepaper on the operation to the Internet Engineering Task Force (IETF), available here.

The ISP does not prevent the use of the third-party DNS servers - though it was falsely accused of doing so earlier this year. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.