Yes, this is sickening.

There are quite a few evil ramifications of this, including XSS exploits
in IE:  If you've got Internot Exploder handy, try this:

         http://";alert('verislime');".net


ISC has released a patch and there are hundreds of other patches out
there for most server setups.
 
There are even sites that list patched DNS servers. (which I'm sure will
be posted here sooner or later *cough* fo0bar)

And this posting from Full-Disclosure is alarming to me:

           From: Richard M. Smith <[EMAIL PROTECTED]>
             To: [EMAIL PROTECTED]
        Subject: [Full-Disclosure] VeriSign hires Omniture to snoop on typos
           Date: Wed, 17 Sep 2003 11:07:52 -0400

Hi,

Here's another interesting angle on the Verisign Site Finder Web site.
VeriSign has hired a company called Omniture to snoop on people who make
domain name typos.  I found this Omniture Web bug on a VeriSign Site
Finder Web page:

http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/G.2-Verisign
-S/s03509671784255?[AQB]&ndh=1&t=17/8/2003%2010%3A39%3A28%203%20240&page
Name=Landing%20Page&ch=landing&server=US%20East&c1=www.elinkprocess.com/
html/minibank_1000.html&c2=www.elinkprocess.com/html/minibank_1000.html%
20%2803/00%29&c12=Yes&c13=03&c14=No&c15=00&c16=Yes&c17=15&c22=NOT%20SET&
g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.elinkprocess.com/html
/minibank_1000.html%26host%3Dwww.elinkprocess.com&r=http%3A//www.google.
com/search%3Fas_q%3Dmini-bank%2B1000%26num%3D100%26hl%3Den%26ie%3DUTF-8%
26oe%3DUTF-8%26btnG%3DGoogle%2BSearch%26as_epq%3D%26as_oq%3D%26as_eq%3D%
26lr%3D%26as_ft%3Di%26as_filetype%3D%26as_qdr%3Dall%26as_occt%3Dany%26as
_dt%3Di%26as_sitesearch%3D%26safe%3Dimages&s=1024x768&c=32&j=1.3&v=Y&k=Y
&bw=1024&bh=538&ct=lan&hp=N&[AQE]

The query string of the URL contains the usual things such as the Web
page URL, the referring URL, browser type, screen size, etc.  This query
string is built on the fly by about 50 lines of JavaScript embedded in
the Verisign Web page.

The Omniture server sets a cookie so that people can be watched over
time to see what typos they are making.  

Here's a bit more about the Omniture snooping service:

   http://www.omniture.com/announcement.html

Note to Omniture:  Yes, I was using Google to research security issues
with the Mini-Bank 1000 ATM, but my interests are purely academic. ;-)

Richard M. Smith
http://www.ComputerBytesMan.com


Patch your bind, and I am writing rules to block verislime from
accessing my networks.


love

chris
-- 
Christopher Neitzert http://www.neitzert.com/~chris
775.853.5314 - [EMAIL PROTECTED] - GPG Key ID: 7DCC491B
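
Added example, not part of either message above: a short Python decoder that shows what a single beacon request of the kind quoted from Full-Disclosure hands to the third-party host, including the URLs nested inside its parameters. The sample URL is constructed in the shape of the quoted one (its hosts and values are made up), and reading `g` as the page URL and `r` as the referrer is an assumption inferred from the values in the quoted URL.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like the beacon quoted above; the mistyped host
# and page are made up. Parameter names (g, r, s, bw, bh, host, as_q) are
# the ones visible in the quoted URL.
BEACON = (
    "http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/"
    "G.2-Verisign-S/s0?[AQB]&ndh=1&pageName=Landing%20Page"
    "&c1=www.exmaple-typo.test/atm.html"
    "&g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.exmaple-typo.test"
    "/atm.html%26host%3Dwww.exmaple-typo.test"
    "&r=http%3A//www.google.com/search%3Fas_q%3Dmini-bank%2B1000%26num%3D100"
    "&s=1024x768&c=32&bw=1024&bh=538&[AQE]"
)


def first(params, key):
    """First value for key in a parse_qs() result, or None if absent."""
    return params.get(key, [None])[0]


def inner_params(url):
    """Parse the query string of a URL that was itself sent as a parameter."""
    return parse_qs(urlsplit(url).query) if url else {}


def disclosed(beacon_url):
    """Return what one beacon request reveals to the collecting host."""
    parts = urlsplit(beacon_url)
    q = parse_qs(parts.query)  # valueless markers like [AQB]/[AQE] are dropped
    page, referrer = first(q, "g"), first(q, "r")  # assumed meanings, see lead-in
    return {
        "collector": parts.hostname,
        "page_url": page,
        "mistyped_host": first(inner_params(page), "host"),
        "referrer": referrer,
        "search_terms": first(inner_params(referrer), "as_q"),
        "screen": first(q, "s"),
        "window": (first(q, "bw"), first(q, "bh")),
    }


if __name__ == "__main__":
    for name, value in disclosed(BEACON).items():
        print(f"{name:14} {value}")
```
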
