Bug Reveals the Snooper in VeriSign's Site Finder

Richard M. Smith

Here's another interesting angle on the VeriSign Site Finder Web site.

VeriSign has hired a company called Omniture to snoop on people who make domain name typos. I found this Omniture Web bug on a VeriSign Site Finder Web page:

http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/G.2-Verisign-S/s03509671784255?[AQB]&ndh=1&t=17/8/2003%2010%3A39%3A28%203%20240&pageName=Landing%20Page&ch=landing&server=US%20East&c1=www.elinkprocess.com/html/minibank_1000.html&c2=www.elinkprocess.com/html/minibank_1000.html%20%2803/00%29&c12=Yes&c13=03&c14=No&c15=00&c16=Yes&c17=15&c22=NOT%20SET&g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.elinkprocess.com/html/minibank_1000.html%26host%3Dwww.elinkprocess.com&r=http%3A//www.google.com/search%3Fas_q%3Dmini-bank%2B1000%26num%3D100%26hl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26btnG%3DGoogle%2BSearch%26as_epq%3D%26as_oq%3D%26as_eq%3D%26lr%3D%26as_ft%3Di%26as_filetype%3D%26as_qdr%3Dall%26as_occt%3Dany%26as_dt%3Di%26as_sitesearch%3D%26safe%3Dimages&s=1024x768&c=32&j=1.3&v=Y&k=Y&bw=1024&bh=538&ct=lan&hp=N&[AQE]

The query string of the URL contains the usual things such as the Web page URL, the referring URL, browser type, screen size, etc. This query string is built on the fly by about 50 lines of JavaScript embedded in the VeriSign Web page.

The Omniture server sets a cookie so that people can be watched over time to see what typos they are making.

Here's a bit more about the Omniture snooping service:

- http://www.omniture.com/announcement.html

Note to Omniture:  Yes, I was using Google to research security issues with the Mini-Bank 1000 ATM, but my interests are purely academic. ;-)

By Richard M. Smith, Computer & Internet Security Expert


Comments

Re: Bug Reveals the Snooper in VeriSign's Site Finder Bob  –  Sep 22, 2003 11:37 PM PST

Here's a thought.  What if everyone, at least once a day, entered the URL "fuckyouverisign.com" into their browser as a protest against these assholes?

It's certainly legal to type something into your own browser and if they're logging "typos" (which I have no doubt they are), it just might give them the idea we really don't like them and their shitty actions.

Re: Bug Reveals the Snooper in VeriSign's Site Finder Marcel  –  Sep 23, 2003 2:01 PM PST

This is a bit of a red herring, in that the Omniture SiteCatalyst bug is simply a web-tracking tool, no different than many other Javascript-based tools out there. The cookie is part of the standard system, and allows it to report data like the number of unique users, which is much harder to reconstruct from server logs. Claiming this is snoopware muddies the waters, because every web site operator has an interest in usage statistics. And no, I don't work for Omniture, but we do use SiteCatalyst to track our site's usage. It doesn't reveal anything more personal than log analysis would.

Re: Bug Reveals the Snooper in VeriSign's Site Finder S.H.  –  Nov 06, 2003 1:21 AM PST

TLD wildcards might be amusing but they damage children.  American teenagers often leave high school illiterate.  Many can barely read let alone type well.  Shouldn't our children know when they mistype URLs?  Remove them.. for the children.

- S.H.

Re: Bug Reveals the Snooper in VeriSign's Site Finder Tanya Ladoucer  –  May 25, 2004 1:41 PM PST

George Orwell was ahead of his time with "1984". I wondered, while I was reading the book, what it would be like to have Big Brother watching over my shoulder. Now I know.  Guess it IS time for another Boston Tea Party!

Re: Bug Reveals the Snooper in VeriSign's Site Finder ernst  –  Jul 06, 2004 6:34 AM PST

S.H. is korekt and the skools ar not going to git any funding if they dont teach our kids to spel fonetiklee.  I had a chat with the Superintendant of the local High School and I was told that Federal and State funds would NOT be given to the schools if they did not follow the Gov't guidelines of the "Dumbing Down" of our children.  Wake up parents!  If you don't go get after the School Boards of your child's schools, who will?  I'm glad I graduated with a good education and not one geared to let the Illegals in this country take it over!  Tanya's Tea Party is LONG AGO NEEDED!  Iraq just took our minds off the real problem...Our children and the influx of Illegal Aliens..and I don't mean ALF !

Re: Bug Reveals the Snooper in VeriSign's Site Finder mad1  –  Sep 06, 2004 11:45 AM PST

It's appalling that these companies get away with such indecent practices. Let's write our government to help stop this by sanctioning stiff penalties for companies such as this. Let's make them go bankrupt. I would like to see how well they would put up with all of us watching their moves. They need to do something about this problem because I have spent several days trying to fix all the junk they have placed on my computer. They ought to do what they are doing to telephone solicitors- Spy now -Major pay back!!!!!

Re: Bug Reveals the Snooper in VeriSign's Site Finder biggertoes  –  Dec 25, 2004 3:38 PM PST

snoop on people who make domain name typos?
how do you know that this is a bug?

Re: Bug Reveals the Snooper in VeriSign's Site Finder amtnbikinguy  –  May 25, 2005 11:25 AM PST

I agree I have been attacked several times by Omniture they were all blocked by McAfee firewall and I traced them and reported them to they were very helpful and told me that Omniture leases the IP address that I reported and said such practice is illegal and they will investigate the attacks and I have reported more like they said to do. I even talked on the phone with them at Internap they are going to try to stop this if you have copies from your firewalls send them to the more reports the better so they can take it to Omniture. I have also taken my own steps by banning the IP range 216.52.17.0 - 216.52.17.255 in my Firewall now they get no response so they even try to ping me lololol but I am not there lolol

Re: Bug Reveals the Snooper in VeriSign's Site Finder MG  –  Dec 03, 2005 12:48 AM PST

Good lord! The paranoia & ignorance around this issue astounds me.  If you were to do the research, damn near every site you visit tracks anonymous visitor click stream behavior.  The data is typically used by site operators to find trouble spots and optimize the site for better visitor experience.
Others use it to understand what brought you to the site.  The data is anonymous unless you agree to have your personal information tracked.
Whether it's log file or Javascript it's happening..guess what? CircleID does it too! via log file analysis! If you think this type of tracking is an "attack" or "snooping" then don't use google, don't use MSN, don't use yahoo, and definitely don't bitch when you experience sites that are not user friendly.  The only safe bet for those who are too lazy to research what type of tracking is helpful to visitors and what type of tracking is truly a threat, I advise you just stay off line.
