ISP cashing out on customer’s website typo’s maybe insecure
So you’re browsing the web after work one day at home. You misspell the website you’re trying to access. We have all done it, even the best writers in the world have typo’s. But this article over at The Reg says that Internet Service Providers purposely bank off customer’s typo’s. Those websites that you misspell and open up a blank page with a bunch of advertisements could be your ISP trying to make additional money from you. Security researcher Dan Kaminsky said at this years ToorCon that these technique’s ISP’s use to make additional revenue could be insecure to the customers. ToorCon is an annual hacker conference in San Diego where they discuss everything from device hacking, reverse engineering, to cryptographic algorithm’s. Here’s an excerpt from the article:
“Comcast, Verizon and at least 70 other Internet service providers are putting their customers at serious risk in their quest to make money from mistyped web addresses, security researcher Dan Kaminsky says.
Speaking at the ToorCon security conference in Seattle, Kaminsky demonstrated an exploit class he dubbed PiTMA, short for provider-in-the-middle attacks. A variation of man-in-the-middle attacks, it stole authentication cookies and injected arbitrary content into trusted web pages by exploiting weaknesses in an ad server Earthlink used when returning results for non-existent addresses.
Once upon a time, mistyped domain names resulted in a browser returning a simple 404 error that said the address didn’t exist. Then ISPs realized they could make money by returning a failure notice that included banner ads and other content. This ad injection is done through the magic of the domain name system. As a result, browsers get fooled into thinking a request for qww.microsoft.com is a legitimate address that’s controlled by the same network responsible for www.microsoft.com.
“Guys, anything goes wrong on that subdomain [and] it isan element of the parent,” Kaminsky said. “It can access cookies, it can do other things. Normally a subdomain is trusted by the parent. Not this time.”