Blocking Verisign's Hijack

[siljaline]

HOSTS block.

127.0.0.1 sitefinder.verisign.com # [verisign]
127.0.0.1 sitefinder-idn.versign.com # [verisign]

Firewall block, these IP's 12.158.80.10 - 64.94.110.11

Source, http://www.spywareinfo.net/sep24,2003#verisign


--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[|3iff //ullins]

lucat bene, der siljaline <siljaline@invalid.com> goh, a hunnert truxx
inero, sumwit kowz n' sumwit duxx on Mon, 29 Sep 2003 02:26:39 -0400:

>HOSTS block.
>
>127.0.0.1 sitefinder.verisign.com # [verisign]
>127.0.0.1 sitefinder-idn.versign.com # [verisign]
>
>Firewall block, these IP's 12.158.80.10 - 64.94.110.11
>
>Source, http://www.spywareinfo.net/sep24,2003#verisign
>
good infos.

i read somewhere else that it was a good idea to also add
sitefinder.verisgn.com to the 'restrcted sites' list in msie and set
the security for that zone to high. supposedly, that nullifies the
chance for sitefinder to send you cookies. or does the firewall ip
block pretty much do the same thing?

--
carpe carpum
(seize the fish)

[siljaline]

On Mon, 29 Sep 2003 06:55:14 GMT, "|3iff //ullins" <biff.mullins3@3premeditatedfun.com>
wrote:

>good infos.
>
>i read somewhere else that it was a good idea to also add
>sitefinder.verisgn.com to the 'restrcted sites' list in msie and set
>the security for that zone to high. supposedly, that nullifies the
>chance for sitefinder to send you cookies. or does the firewall ip
>block pretty much do the same thing?

HOSTS and Firewall IP block are the best way to go.
You may also change your HOSTS file, if you are running one to a "read-only" attribute,
this prevents hijacks of your HOSTS file, which is becoming common.



--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[|3iff //ullins]

lucat bene, der siljaline <siljaline@invalid.com> goh, a hunnert truxx
inero, sumwit kowz n' sumwit duxx on Mon, 29 Sep 2003 03:05:37 -0400:

>On Mon, 29 Sep 2003 06:55:14 GMT, "|3iff //ullins" <biff.mullins3@3premeditatedfun.com>
>wrote:
>
>>good infos.
>>
>>i read somewhere else that it was a good idea to also add
>>sitefinder.verisgn.com to the 'restrcted sites' list in msie and set
>>the security for that zone to high. supposedly, that nullifies the
>>chance for sitefinder to send you cookies. or does the firewall ip
>>block pretty much do the same thing?
>
>HOSTS and Firewall IP block are the best way to go.
>
gotcha. thanks for the info.

>You may also change your HOSTS file, if you are running one to a "read-only" attribute,
>this prevents hijacks of your HOSTS file, which is becoming common.
>
will do that. my hosts file mysteriouslly shrank from 150k to
something like 34k just recently. read-only it shall be now.

take care!

--
there's no plate like chrome...
there's no plate like chrome...

[Robin T Cox]

siljaline <siljaline@invalid.com> wrote in
news:qhjfnvorj7a7p81jn486osiohmh45o0k62@4ax.com:

> 127.0.0.1 sitefinder-idn.versign.com # [verisign]

Sorry to be picky, but there's a typo in the 'versign.com' - this should be
'verisign'.

[Roy]

In article <b5mfnv0sn50nsgkgkal6k8ia71bk6f8fdt@4ax.com>,
siljaline@invalid.com says...

> You may also change your HOSTS file, if you are running one to a =
> "read-only" attribute,
> this prevents hijacks of your HOSTS file, which is becoming common.

But it wouldn't be too difficult for that attribute to be changed
without your knowledge.

Another line of defence, but not insurmountable.

Cheers,

Roy

[siljaline]

On Mon, 29 Sep 2003 10:21:07 GMT, Robin T Cox <robin2803@hotmail.com> wrote:

>Sorry to be picky, but there's a typo in the 'versign.com' - this shouldbe
>'verisign'.

Yes, Robin - you got me there, the Spywareinfo article was write or copy protected and I
had to type it in verbatim.

Not being picky, thanks for the correction, wouldn't want folks adding redundant
information to their HOSTS file, now would we



--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[Jim Byrd]

Hi R. - You might want to be aware of a real "solution" (rather than just a
block) for the Verisign problem. Get the BindPE Treewalk_Delegate.exe here:
http://ntcanuck.com/Beta/ While you're there, get the ORSC-Root also. You
can read about the basic BindPE here: http://ntcanuck.com/, but the
Treewalk_Delegate is the version you
want to get to solve completely the Verisign problem (at least until
Verisign changes something). Installs cleanly, (and uninstalls the same
way), and works like a charm. You find all of your browsing considerably
speeded up. Very highly recommended. FWIW, you'll find an associated news
group here: news.grc.com/grc.techtalk.dns.bind_pe_beta


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:qhjfnvorj7a7p81jn486osiohmh45o0k62@4ax.com,
siljaline <siljaline@invalid.com> typed:
> HOSTS block.
>
> 127.0.0.1 sitefinder.verisign.com # [verisign]
> 127.0.0.1 sitefinder-idn.versign.com # [verisign]
>
> Firewall block, these IP's 12.158.80.10 - 64.94.110.11
>
> Source, http://www.spywareinfo.net/sep24,2003#verisign

[siljaline]

On Mon, 29 Sep 2003 16:29:36 GMT, "Jim Byrd" <jrbyrd@spamlesscomcast.net>wrote:

>Hi R. - You might want to be aware of a real "solution" (rather than just a
>block) for the Verisign problem. Get the BindPE Treewalk_Delegate.exe here:
>http://ntcanuck.com/Beta/ While you're there, get the ORSC-Root also. You
>can read about the basic BindPE here: http://ntcanuck.com/, but the
>Treewalk_Delegate is the version you
>want to get to solve completely the Verisign problem (at least until
>Verisign changes something). Installs cleanly, (and uninstalls the same
>way), and works like a charm. You find all of your browsing considerably
>speeded up. Very highly recommended. FWIW, you'll find an associated news
>group here: news.grc.com/grc.techtalk.dns.bind_pe_beta

Hi Jim,
I'm trying to convince my ISP to implement the Bind patch, server-side.
Appreciate your feedback but I *really* don't like running anything Beta
Have VeriSign blocked in HOSTS and AdShield...

>news.grc.com/grc.techtalk.dns.bind_pe_beta
Is that on the GRC news-server?

Regards,




--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[YK]

siljaline wrote:
> On Mon, 29 Sep 2003 16:29:36 GMT, "Jim Byrd"
> <jrbyrd@spamlesscomcast.net> wrote:
>
>> Hi R. - You might want to be aware of a real "solution" (rather than
>> just a block) for the Verisign problem. Get the BindPE
>> Treewalk_Delegate.exe here: http://ntcanuck.com/Beta/ While you're
>> there, get the ORSC-Root also. You can read about the basic BindPE
>> here: http://ntcanuck.com/, but the Treewalk_Delegate is the
>> version you
>> want to get to solve completely the Verisign problem (at least until
>> Verisign changes something). Installs cleanly, (and uninstalls the
>> same
>> way), and works like a charm. You find all of your browsing
>> considerably speeded up. Very highly recommended. FWIW, you'll
>> find an associated news group here:
>> news.grc.com/grc.techtalk.dns.bind_pe_beta
>
> Hi Jim,
> I'm trying to convince my ISP to implement the Bind patch,
> server-side.

Hope you can find someone with a clue and sufficient authority to do
something like that at Sympatico?

> Appreciate your feedback but I *really* don't like
> running anything Beta Have VeriSign blocked in HOSTS and
> AdShield...

The current BIND-PE version is: Version 2.0 (SSL 9.6g) - December 4/2002 and
is not beta software. It installs very easy and works very well. Have
been using it for over a year without any problems and really speeds up Web
browsing.

>> news.grc.com/grc.techtalk.dns.bind_pe_beta
> Is that on the GRC news-server?

Yes. The authors are Canadian and hang out a lot in the GRC newsgroups.