Rogers Cable Hijacks Browser Traffic
Previously I've blogged on Comcast hijacking Live Search Results. That didn't affect me, but I felt it was worth sharing... This time I'm affected. Rogers Cable is my ISP... today I sat down and opened Firefox, planning to visit a site I enjoy, AntiOnline.com. I accidentally typed antionline and hit enter without adding the .com... now normally this wouldn't be a problem.... except today it was, I ended up at a Rogers search engine (powered by Yahoo). I looked at the page briefly and found an opt-out button, however the opt-out button simply means I won't get the search results... they still hijack the text I pass my browser. I typed in antionline again and hit enter, this time I ended up at http://www20.search.rogers.com/not_found. I was rather confused, so I opened up a command prompt and tested with netcat. Check this out:
    C:\Documents and Settings\treguly>nc antionline 80
    GET / HTTP/1.0

    HTTP/1.1 404 Not Found
    Content-type: text/html

    <html><head>
    <title>404 Not Found</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script>
    var value;
    value = 'se';
    document.location = 'htt' + 'p://www20.' + 'search.rogers.com/' + value + 'arch?qg=%20&r' + 'n=oVbVbPY7LO34d36';
    </script>
    </head>
    <body>404 Not Found</body></html>
I can't believe they are doing this. I called Rogers and got to speak to a foreign call center (what a joy that always is... ) After about 5 minutes of explaining to the guy that I didn't need step by step explanations from him on how to opt out, and explaining to him that the service to opt out only sets a cookie, it doesn't delete one, he finally announced that they were simply hijacking DNS queries and that any NXDomain was sent there. If I were to change my DNS server then I would no longer have this issue. I think it's time to start using my own internal DNS server. I'm sure if I pressed the matter I'd be told that this is, in some way, a partial solution to Kaminsky's DNS vuln. To me... it's a pain in the ass... get rid of it.
I figured I'd switch to OpenDNS, so I dropped the OpenDNS servers into my m0n0wall install and tried to make use of them. I've only ever used OpenDNS from the command line but surprise surprise... in your browser, the exact same thing happens... You get a nice search results page. Why does everyone feel the need to make money off my typos? What happened to the good old days, where you could type 'antionline' in your browser and it would automatically end up at 'antionline.com', I miss those days...
We need to stop making the Internet easier for the stupid and incompetent... it just encourages them to use it. Let me find out that I've got a typo, let me type in shortcuts... let me mix the two and end up at a phishing site. That's my problem... Something is going to make me go... 'D0h!' and realize my typo. If we got rid of the stupid people... the ones who buy from spam, the ones who are taken by phishing sites... then spammers and phishers wouldn't exist... So let's stop turning the internet into the internet for dummies and instead just keep the dummies off the internet.
Now I have to go and build my own DNS server so that things function the way they should and not the way the idiots need them to, to avoid being taken advantage of.
Well... I guess that was a bit of a rant... but I find it frustrating... very very frustrating.
