Web Hosting Articles

  Home arrow Web Hosting Articles arrow Page 3 - Are ISPs Profiting at the Expense of Y...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

Are ISPs Profiting at the Expense of Your Security?
By: Joe Eitel
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 5

    Table of Contents:
  • Are ISPs Profiting at the Expense of Your Security?
  • The Controversy
  • The Security Threat Still Exists
  • Responses from Earthlink and Barefruit

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    Are ISPs Profiting at the Expense of Your Security? - The Security Threat Still Exists

    (Page 3 of 4 )

    Youíre still probably thinking that everything is secure, but not necessarily. Security is based on Barefruitís servers. Unfortunately, these servers werenít that secure. This was primarily due to the fact that Barefruit neglected to perform vital web programming methods. As a result, this caused servers to be exposed and susceptible to malicious JavaScript assaults. Subscribers to both Earthlink and Comcast were also vulnerable.

    Both hackers and phishers could have had a field day, spreading all kinds of attacks, including grabbing cookies or creating unique links to non-existent sub-domains that belong to genuine websites. Another attack that hackers could have created was to send spam e-mail messages to Earthlink and Comcastís subscribers. The e-mail message could include a link to a web page for money.paypal.com. You, still thinking it is PayPal, click on the link and go to the website. But itís actually the hackerís website. You enter your username and password. The hacker intercepts and steals your personal information.

    Dan Kaminsky, a security researcher at IOActive, detected this security gap. He communicated this to both Earthlink and Barefruit. Kaminsky immediately and quietly solved this problem. However, Kaminsky warns that the danger still exists. Thatís because ISPs continue to interject their non-existent sub-domains into the legitimate domains. Also, the domain owners are essentially dependent on Barefruitís ad servers, which were once again, not completely secure at first. Barefruit however has since corrected its JavaScript problems.

    To prove there is still an underlying threat, however, Kaminsky performed a demonstration. Kaminsky discovered how to place a YouTube video of Rick Astley, a popular 80s singer, into the domains of both PayPal and Facebook. What Kaminsky wanted to show was how a black hat hacker (a hacker with malicious or criminal intent) could implant a Trojan horse that steals usersí passwords. The hacker can do several things, including posing as a logged-in user, sending out e-mail messages, or adding people to the userís Facebook account.

    As previously stated, ISPs continue to interject their content into web pages. It seems to be a widespread business practice. For example, Network Solutions, which is one of the largest and best-known domain name registrars, was exposed for interjecting links of non-existent sub-domains into websites that customers owned. Network Solutions wasnít the only one implementing this controversial practice, but other popular ISPs, including Verizon, Time Warner, Quest, and Comcast are doing it as well.

    Because these large ISPs see this policy as a moneymaker, Kaminsky believes that theyíre not as focused on the security threat. As a result, every website on the Internet is exposed to this threat and the owners have no control over it. Kaminsky has communicated with Internet companies about this potential security hole. Needless to say, they are not happy about it.

    Kaminsky also mentioned that this policy can infringe upon Net Neutrality rights. Others have also criticized this policy. Paul Vixie, president of the nonprofit Internet Systems Consortium, believes that if users go to the website that does not exist, they should see an error message.

    More Web Hosting Articles Articles
    More By Joe Eitel


    - Top Wordpress Plugins for SEO
    - Top Drupal Evaluation and Rating Modules
    - Free Network Monitoring Programs for Max Per...
    - E-store Hosting: Free Options for Beginners
    - Dropbox: The Ultimate File-Sharing and Synci...
    - Reviewing the Best Free Web Hosting Sites
    - Businesses Turn to Reseller Web Hosting for ...
    - Multiple Data Center Hosting
    - Web Hosting Goes Green
    - Web Hosting Technology Overview
    - Collaborate: An Examination of Tools for Gro...
    - Social Networking Security
    - Domain Names 101
    - Top Software to Help Manage Your Websites
    - The Evolution of Phishing

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap