Bugtraq mailing list archives
Re: Privacy leak in VeriSign's SiteFinder service #2
From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Wed, 24 Sep 2003 15:45:23 -0400 (EDT)
Verisign does NOT reject the connection until AFTER the MAIL FROM: and RCPT TO: fields have been communicated by your email server.
The "server" they had completely ignored, as far as anyone could tell, all input: you could type total garbage lines and get exactly the same canned sequence of responses. Note the past tense. Now, when I connect there, I get a 521 "greeting", from some host that apparently believes it lives in a new TLD .11 (apparently not content with inventing new .com and .net names, they've now invented a whole new TLD - at least this one they didn't actually put in the DNS): % telnet yyaahhoooo.com 25 Trying 64.94.110.11... Connected to yyaahhoooo.com. Escape character is '^]'. 521 64.94.110.11 Recipient domain does not exist Connection closed by foreign host.
They could (AND SHOULD) REJECT from the initial connection,
Actually, the wildcard shouldn't have been inserted in the first place; when it was, .com and .net should have been immediately handed over to a more ethical custodian. But Verisign doesn't seem willing to remove the wildcard on their own (hardly surprising), and ICANN appears unwilling to do more than scold (depressing, but not really surprising).
Bad, verisign. Very bad.
Well, yes, but we knew _that_ from the day the wildcard went in. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse () rodents montreal qc ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Privacy leak in VeriSign's SiteFinder service Richard M. Smith (Sep 24)
- Privacy leak in VeriSign's SiteFinder service #2 Mark Coleman (Sep 24)
- Re: Privacy leak in VeriSign's SiteFinder service #2 Marco Ivaldi (Sep 24)
- Re: Privacy leak in VeriSign's SiteFinder service #2 Diego Bitencourt Contezini (Sep 24)
- Re: Privacy leak in VeriSign's SiteFinder service #2 Henning Rust (Sep 25)
- Re: Privacy leak in VeriSign's SiteFinder service #2 Niels Bakker (Sep 25)
- Re: Privacy leak in VeriSign's SiteFinder service #2 Marco Ivaldi (Sep 24)
- Re: Privacy leak in VeriSign's SiteFinder service #2 der Mouse (Sep 24)
- Re: Privacy leak in VeriSign's SiteFinder service #2 Hugo van der Kooij (Sep 24)
- Message not available
- Re: Privacy leak in VeriSign's SiteFinder service #2 Timothy J. Biggs (Sep 25)
- Privacy leak in VeriSign's SiteFinder service #2 Mark Coleman (Sep 24)