NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ NNSquad ] Re: Liability issues in ISP-injected ad systems?
- To: Rich Kulawiec <rsk@gsp.org>
- Subject: [ NNSquad ] Re: Liability issues in ISP-injected ad systems?
- From: Kelly Setzer <setzer@liquidchicken.org>
- Date: Mon, 21 Apr 2008 13:44:15 -0500
- Cc: nnsquad@nnsquad.org
Rich Kulawiec wrote:
On Sun, Apr 20, 2008 at 04:07:19PM -0600, Brett Glass wrote:
It is unclear why this would create any more or different vulnerabilities
than one might expect from any other site which contained third party
advertising.
One of the negative consequences of this (although it might arguably
be considered an existing vulnerability) is that failure to properly
return NXDOMAIN breaks any number of anti-spam measures.
Some VPN software depends on NXDOMAIN as a hint to retry a request over
the VPN. Last time I checked, the AEPNetworks SmartPass/SmartGate
product does this.
Another really stunning problem is the consequence of DNS alteration
when mixed with administrative mistakes. A few years ago, Microsoft
inadvertently allowed their passport.net domain to expire. It was
removed from the root servers and access to hotmail.com and other
Microsoft properties was substantially broken. I suspect that Microsoft
would greatly prefer that passport.net be broken while they worked to
renew the domain registration. Having their customers directed to
advertisements they have no relation to or control over would not, in my
mind, be good for their business. The fact that the domain in question
is intimately involved in authentication increases the risk. Six
Apart's typekey identity manager would be similarly affected (typekey.com).
Kelly