Canadian ISP Hijacking DNS Lookup Errors 225
Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."
Re:easy solution (Score:4, Insightful)
so, how long before your ISP starts blocking use of DNS servers other than their own?
Fantastic. (Score:4, Insightful)
I'm guessing one of two things:
Manually configure alternate DNS servers on a per device basis(a la Verizon's current setup, may they be thrice cursed)
or:
Something involving cookies, a la Phorm and friends.
For things like this, opt-out just isn't good enough.
PaxFire (Score:5, Insightful)
[This is Dan Kaminsky]
I took a look at what Rogers is doing. They're using PaxFire, who indeed was directly vulnerable to the attacks I described at Toorcon a few months ago. PaxFire fixed their stuff up, but yes, the security of the web at Rogers is limited to the security of those ad servers at PaxFire.
Add Insight to the list (Score:4, Insightful)
I guess the thought with the ISP's nowadays is that "everybody else is doing it, why can't we?"
Re:Fantastic. (Score:3, Insightful)
That said, I think that this one is a good example of the unpleasant fact that control doesn't actually have to be very good in order to have its effect(great firewall is perhaps the iconic example). This only gets worse when you consider that any given individual faces dozens to hundreds of impositions of this flavor, each requiring just a little bit of some flavor of knowledge and attention(different ones in different places, though. This one needs a dash of DNS-foo, something inscrutable involving credit cards will require a dash of knowledge of credit law tomorrow, the day after that it'll be something from the phone company about subscriber private information, and so on and so forth). In each individual case, there is arguably a decision being made; but the overall effect is a pretty sad mockery of the notion of choice.
Re:Good Grief (Score:3, Insightful)
Re:easy solution (Score:3, Insightful)
That's great if you have more than one ISPs. For me, cable is the only broadband ISP. If I want others, then I have to go back to dialup!
Re:Good Grief (Score:2, Insightful)
Really? Quick, tell the US Patent and Trademark office!