
SiteFinder Is Leaking Data

Richard M. Smith

I just discovered that VeriSign's SiteFinder Web site is leaking data submitted in Web forms to its marketing analysis partner, Omniture. Forms can easily contain personal information such as an email address. For the problem to occur, a Web form must use the GET method.

This data spill problem occurs if a Web page anywhere on the Internet submits a Web form to an action URL with a misspelled or expired domain name.  Because of VeriSign's recent controversial changes to the DNS system, this form data is submitted to the SiteFinder Web site.

SiteFinder in turn passes the form data along to Omniture in the URL of a Web bug.  The Web bug is constructed on the fly by about 50 lines of JavaScript code embedded in the SiteFinder home page.

This data spill problem raises legal questions because of possible violations of the VeriSign privacy policy and of the Electronic Communications Privacy Act (ECPA).

As a point of comparison, it appears that Microsoft went out of their way to not receive form data with their Smart Search feature. In my experiments, Smart Search is not enabled for Web form action URLs with misspelled or expired domain names.  Instead, Internet Explorer gives a generic 404 error page.

Here's an example form that illustrates the problem:

Enter Any Email Address:

And here's what the URL of Omniture Web bug looks like with an email address from the form in it:

http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/G.2-Verisign-S/s07262928512095?[AQB]&ndh=1&t=23/8/2003%2016%3A6%3A20%202%20240&pageName=Landing%20Page&ch=landing&server=US%20East&c1=www.atypodomainthatismisdirectedbyverisign.com/cgi-bin/subscribe.pl%3Flist%3Dhorsebreeding%26amp%3Bemail%3D&c2=www.atypodomainthatismisdirectedbyverisign.com/cgi-bin/subscribe.pl%3Flist%3Dhorsebreeding%26amp%3Bemail%3D%20%2800/00%29&c3=www.atypodomainthatismisdirectedbyverisign.com/cgi-bin/subscribe.pl%3Flist%3Dhorsebreeding%26amp%3Bemail%3D%20%28DYM%29&c12=No&c13=00&c14=No&c15=00&c16=Yes&c17=15&c22=NOT%26%2332%3BSET&g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.atypodomainthatismisdirectedbyverisign.com/cgi-bin/subscribe.pl%253flist%253Dhorsebreeding%2526email%253D%26host%3Dwww.atypodomainthatismisdirectedbyverisign.com&s=1024x768&c=32&j=1.3&v=Y&k=Y&bw=1016&bh=530&ct=lan&hp=N&[AQE]
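To see exactly where the form data travels inside such a beacon, here is an added example (not code from the original post or from VeriSign/Omniture) that parses an Omniture-style web bug URL and lists the form fields carried inside its nested URLs: the c1/c2/c3 referrer copies and the g= landing-page URL, which is where a GET form's query string ends up once the action URL is misdirected. The sample beacon, its domain names, the filled-in address and the list of sensitive field names are all constructed for the example.

```python
# Added example, not code from the original post: walk an Omniture-style web bug
# URL and report the form fields found inside URLs nested in its parameters.
from urllib.parse import parse_qsl

# Constructed sample beacon modelled on the one in the post, with a made-up address
# filled in to show what the spill looks like; the domain names are placeholders.
SAMPLE_BEACON = (
    "http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/G.2-Verisign-S/s0726?"
    "[AQB]&ndh=1&pageName=Landing%20Page"
    "&c1=www.example-typo.com/cgi-bin/subscribe.pl%3Flist%3Dhorsebreeding"
    "%26amp%3Bemail%3Djane%40example.org"
    "&g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.example-typo.com/cgi-bin/"
    "subscribe.pl%253flist%253Dhorsebreeding%2526email%253Djane%2540example.org"
    "&s=1024x768&[AQE]"
)

# Field names that commonly hold personal data in a Web form (assumed list).
SENSITIVE_FIELDS = {"email", "e-mail", "name", "phone", "address", "zip", "ssn"}


def _walk(url_like, path):
    """Return (path, name, value) for every query parameter of url_like, then
    descend into any value that is itself a URL with a query string. path is the
    list of enclosing parameter names, [] for the beacon's own parameters."""
    found = []
    if "?" not in url_like:
        return found
    # parse_qsl undoes one level of percent-encoding; the referrer copies also
    # carry HTML-escaped ampersands (&amp;), which would otherwise hide fields.
    query = url_like.split("?", 1)[1].replace("&amp;", "&")
    for name, value in parse_qsl(query, keep_blank_values=True):
        found.append((path, name, value))
        if "?" in value:  # the value embeds another URL: look inside it too
            found.extend(_walk(value, path + [name]))
    return found


def spilled_fields(beacon_url):
    """All form fields found inside URLs nested in the beacon (top level excluded)."""
    return [(p, n, v) for p, n, v in _walk(beacon_url, []) if p]


def sensitive_spills(beacon_url, sensitive=SENSITIVE_FIELDS):
    """Only the nested fields whose name suggests personal data."""
    return [(p, n, v) for p, n, v in spilled_fields(beacon_url) if n.lower() in sensitive]


if __name__ == "__main__":
    for path, name, value in sensitive_spills(SAMPLE_BEACON):
        print(" > ".join(path + [name]), "=", value)
```

Run against the sample it reports the address twice, once under c1 and once under g > url, which is the doubly-encoded copy SiteFinder puts in its own landing-page URL.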

Some relevant links are:

- Data spills in banner ads

- SiteFinder privacy policy

- Omniture privacy policy

- Omniture company overview

- Electronic Communications Privacy Act

- Court draws a line for online privacy

By Richard M. Smith, Computer & Internet Security Expert

Related topics: DNS, Domain Names, Privacy


Comments

Re: SiteFinder Is Leaking Data Jim  –  Sep 23, 2003 4:38 PM PST

What IP addresses can be entered into a software firewall such as ZoneAlarm to prevent access to Verisign and its minions? How do you ID the spy cookie to delete?

Re: SiteFinder Is Leaking Data Status Quo  –  Sep 24, 2003 12:45 AM PST

Jim,

From the command prompt/shell, type in the following:

# ping alksjdaksdj.com
— or --
c:> ping alksjdaksdj.com

The IP that this non-existent domain will resolve to (and all other non-existent .com and .net domains) is 64.94.110.11

So it may be possible to block HTTP request to 64.94.110.11 with your personal firewall (or with your router). You may also request that your ISP or employer block requests to this address.

A word of caution: Verisign could easily change the IP address for Site Finder at any time. The best solution is to have your ISP/employer ignore the Site Finder wildcard at the DNS level.

For businesses/ISPs running their own DNS, you should thank your stars that the ISC has already released a patch for BIND that'll allow you to block root level DNS wildcards. Check out http://www.isc.org/products/BIND/delegation-only.html for information on configuring your BIND servers to ignore wildcards and thus ignore the Site Finder service.

Happy blocking.

- status quo

Re: SiteFinder Is Leaking Data Jon P.  –  Sep 26, 2003 8:16 PM PST

Hey, also to let you guys know, an easy way to block Verisign's monopoly of the internet is to edit your HOSTS file.

This file is found in the following locations:
Linux: /etc
Windows 95/98/Me: c:\windows
Windows NT/2000/XP: c:\windows\system32\drivers\etc
or c:\winnt\system32\drivers\etc

Copy and paste the following line to the bottom of this file.

127.0.0.1 sitefinder.verisign.com

If you don't have a HOSTS file just open a text editor and save it as HOSTS with no extension in the appropriate directory.

Happy blocking these jerks. Boycott Verisign, Boycott Network Solutions (parent company)! Support Do-Not-Call registry. The general public hates telemarketers!

Re: SiteFinder Is Leaking Data BackupBob  –  Sep 30, 2003 5:32 PM PST

You MUST be kidding!

VeriSign is supposed to provide security and privacy.  If what you say is correct then VeriSign is doing just the opposite.

On the one hand VeriSign is making big bucks with their security services.  On the other hand they are making big bucks by capturing private information and passing it along to a marketing company.

I would like to refuse to use VeriSign's new Site Finder service because I do not agree with their terms and conditions (T&C). 

Unfortunately, I have no choice in the matter; I am dumped on their site against my will and being told that since I am there I must abide by their T&C. 
