Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Wed, 17 Sep 2003 23:31:51 -0400
From: David Harmon <dmh@xxxxxxxx>
Subject: Elapsed time from hijack to fix -- under 48 hours!
To: dave@xxxxxxxxxx
>Date: Sun, 14 Sep 2003 22:31:56 -0400
>To: undisclosed-recipient:;
>From: Monty Solomon <monty@xxxxxxxxxx>
>Subject: Profits in Missed Exits on Information Highway
[followed by the official announcement...]
Subject: [Asrg] Verisign: All Your Misspelling Are Belong To Us
Date: Tue, 16 Sep 2003 03:10:52 +0200
From: Brad Knowles <brad.knowles@xxxxxxxxx>
[he's forwarding...]
Date: Mon, 15 Sep 2003 19:24:29 -0400
From: Matt Larson <mlarson@xxxxxxxxxxxx>
Subject: Change to .com/.net behavior
Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
being added now. We have prepared a white paper describing VeriSign's
[But then...]
Date: Wed, 17 Sep 2003 15:58:01 +0200
From: "Remco B. Brink" <remco@xxxxxxx>
Subject: Evil VeriSign, patch included
...
The Internet Software Consortium, a nonprofit that publishes BIND, the
software
that runs many of the Net's domain name servers, has just released an
emergency
patch [2] to block VeriSign's new Site Finder service.
It seems Verisign forgot that they don't actually rule the Internet!
Even given the short notice, it took an independent organization,
without government sponsorship (?) less than 48 hours to release a
change which will (eventually) kill this uber-typosquatting stunt.
This reminds me of the time back in the late 80s, when Unisys tried
to make some money from having inherited a patent for an algorithm used
in GIF image files, which had become popular. Within 48 hours (again)
someone had released a modified version of the GIF standard, which avoided
the patent. They also provided viewers for the new standard, and utilities
for rapid conversion of "legacy" files. Unisys backed down *very* fast!
As a final shot, let me point out that Verisign's trick doesn't affect any
existing typosquatters, such as those porn sites that try to put your
browser into bondage. So, mistype an address today, get
SiteFinder. Mistype the same address differently (or later, after a new
batch of registrations), and get a sticky porn site. Hmmm....
Dave Harmon