Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Verisign's 'SiteFinder' finds privacy hullabaloo
Deborah Radcliff, SecurityFocus 2003-09-19

Privacy advocates have joined the chorus of critics of Verisign's "SiteFinder," which on Monday began directing mistyped dot-com and dot-net e-mail and Web addresses to a search site operated by the company and Overture.com, a Pasadena, Calif.-based advertising company that brands itself as a search engine.

Comments Mode:
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-19
Anonymous (1 replies)
For what it's worth, I emailed Verisign about this and part of their response was:

"VeriSign is not logging and has no plans to log any email address sent to the Site Finder response server via SMTP."...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-21
Coldman
It surprises me thay they did respond :)

But anyway, there is no point to accept data which is not collected (this is a huge waste of resources in our case). So this is a lie.

...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-19
Anonymous
Nice XSS in "sitefinder" as well:

http://sitefinder.verisign.com/lpc?url=www.googleurl%22%0D%0A%20alert(document.cookie)%20//.com&host=www.googlehost.com

...

[ more ]  [ reply ]
Who's Omniture and what's all this stuff? 2003-09-19
Anonymous
What's all this stuff from the sitefinder page?

0){s_prop12="Yes"}

var s_prop14="No"

if(s_prop15>0){s_prop14="Yes"}

var s_prop16="No"

if(s_prop17>0){s_prop16="Yes"}

var s_prop2=s_prop1+" ("+s_prop13+"/"+s_prop15+")";

...

[ more ]  [ reply ]
Fighting SiteFinder 2003-09-21
bl0rf
I have spent all of Saturday trying to exclue myself from th SiteFinder service.

Unfortunately Verisign has a bot answering it's emails, I had two identical responses

presumably coming from real people.

I suggest that people call them up and point out that this "service" theyre receiving

from Ve...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-22
Anonymous (1 replies)
Hmmm.

We've seen anti-virus software developers that become spammers, o.s. developers that distribute viruses, now a c.a. that isn't so honorable after all!

What's next?

Gasoline that doesn't combust?

Computers that won't compute?

"designer" computing at it's best, eh?

Absolutely d...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-22
Anonymous
Hi I sent this to versign... I hope to get an answer..

-------------

From: myhotmailadress (at) hotmail (dot) com [email concealed]

Sent: den 22 september 2003 15:05

To: websitesales (at) verisign (dot) com [email concealed]; consultingsolutions (at) verisign (dot) com [email concealed]; dnssales (at) verisign (dot) com [email concealed]; premiersupport (at) networksolutions (dot) com [email concealed]; websitesupport (at) verisign (dot) com [email concealed]; a...

[ more ]  [ reply ]
a way to make VS change their minds 2003-09-22
L (1 replies)
I belive there is a way to flood VS http serwers with requests that points to unexistent domains without any harm to single users. Just place an img src="http://something_random.com" width=1 height=1 tag on as many pages as you can.

VS will be polluted with a bunch of 404 requests.

...

[ more ]  [ reply ]
a way to make VS change their minds - maybe 2003-09-25
Roger
Kind of nice, but you will probably want to generate it in CGI or Javascript so it can change frequently; however make sure it isn't on a page that is the target of a form with method GET, or they will get to log the form contents.

And of course they will still get a listing of everyone who's hit...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-22
Anonymous (1 replies)
If you can't trust Verisign to tell you the truth about a simple thing like whether or not a domain name is a valid registered name or not, what in the world would make anybody think they were telling the truth about what they were doing with all of the marketable data that is being sent to their se...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-23
Anonymous
Exactly, there must be a business reason to spend money to install and support host(s) to receive all of the junk requests from the internet. Perhaps it is just for the advertising income but I suspect it would be for more than that. I think all of the negative publicity happening would be a good r...

[ more ]  [ reply ]
Verisign's 'SiteFinder' Complaints 2003-09-23
Anonymous
To place your complaints directly with Verisign, email them at the following:

sitefinder (at) verisign-grs (dot) com [email concealed]

I think they would like the feedback....

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-23
Anonymous
If you run a Linux system you can block

them by adding:

/sbin/ipchains -I input -i $EXTERNAL_INTERFACE -s 12.158.80.10 -j DENY

/sbin/ipchains -I output -i $EXTERNAL_INTERFACE -d 12.158.80.10 -j DENY

to your firewall chain....

[ more ]  [ reply ]
Questions about Verisign's 'SiteFinder' Terms of Use. 2003-09-23
Michael Strom
After reading the terms of use I have the following questions can anyone answer.

If I mistype a DNS do I agree to there terms of use?

If so is this legal?

If I have an unresolved link in a website can I be sued for redistributing sitefinder?

If not what if I have an imbedded page or fram...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-24
Hugo van der Kooij (2 replies)
As owner of a domain name formerly registered by a Veri$ign company I was surprised to find paper spam arriving at my door with the exact typo in the address I used in their database.

This typo was in the part one could not gather through the WHOIS interface and my conclusion was this Veri$ign co...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-25
Anonymous
wonder why everybody were happy when MS was doing this......

[ more ]  [ reply ]
Not their first sleazy tactic. 2003-09-29
Anonymous
Oh I can do better than that. I had several names registered at GoDaddy, and received [paper spam] "Renewal" forms from Verisign. Pretty interesting, considering they weren't registered with Verisign.

Read the fine print, and yup, they were trying to slam me. The "Renewal" form was a TRANSFE...

[ more ]  [ reply ]
THEIFS stole my money and broke my internet NOW! 2003-09-27
Anonymous
A couple months ago, they were trying to charge me $250 for a domain name that SHOULD"VE been expired - extortion

Now, they think they can STEAL the hottest properties on the net right now... SEARCH ENGINES

Who are these BZOS and WHEN are we gonna DEREGULATE the INTERNET!?!??!...

[ more ]  [ reply ]
Verisign is Spam!! You are not able to not use Sitefinder!! 2003-09-30
Jimmy
You are not able to not use sitefinder!! Get what I mean? It means that you HAVE to use its service, regardless of whether you accept or decline its "Terms of Service"(which there are no Accept or Decline buttons anyway.).

This means that Verisign is now the sole page that is directed to when you...

[ more ]  [ reply ]
Verisign's 'SiteFinder' finds privacy hullabaloo 2003-09-30
Jim
Anyone who owns a domain name knows that Verisign has only one interest and that is turning a profit. They aren't interested in customer service, unless you are a new customer, and they appear to be planning to sell your domain out from under you should it expire, even for a second, so keep up on yo...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus