Blocking Verisign's Hijack

[Jim Byrd]

Hi R. - You might want to be aware of a real "solution" (rather than just a
block) for the Verisign problem. Get the BindPE Treewalk_Delegate.exe here:
http://ntcanuck.com/Beta/ While you're there, get the ORSC-Root also. You
can read about the basic BindPE here: http://ntcanuck.com/, but the
Treewalk_Delegate is the version you
want to get to solve completely the Verisign problem (at least until
Verisign changes something). Installs cleanly, (and uninstalls the same
way), and works like a charm. You find all of your browsing considerably
speeded up. Very highly recommended. FWIW, you'll find an associated news
group here: news.grc.com/grc.techtalk.dns.bind_pe_beta


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:qhjfnvorj7a7p81jn486osiohmh45o0k62@4ax.com,
siljaline <siljaline@invalid.com> typed:
> HOSTS block.
>
> 127.0.0.1 sitefinder.verisign.com # [verisign]
> 127.0.0.1 sitefinder-idn.versign.com # [verisign]
>
> Firewall block, these IP's 12.158.80.10 - 64.94.110.11
>
> Source, http://www.spywareinfo.net/sep24,2003#verisign

[siljaline]

On Mon, 29 Sep 2003 16:29:36 GMT, "Jim Byrd" <jrbyrd@spamlesscomcast.net>wrote:

>Hi R. - You might want to be aware of a real "solution" (rather than just a
>block) for the Verisign problem. Get the BindPE Treewalk_Delegate.exe here:
>http://ntcanuck.com/Beta/ While you're there, get the ORSC-Root also. You
>can read about the basic BindPE here: http://ntcanuck.com/, but the
>Treewalk_Delegate is the version you
>want to get to solve completely the Verisign problem (at least until
>Verisign changes something). Installs cleanly, (and uninstalls the same
>way), and works like a charm. You find all of your browsing considerably
>speeded up. Very highly recommended. FWIW, you'll find an associated news
>group here: news.grc.com/grc.techtalk.dns.bind_pe_beta

Hi Jim,
I'm trying to convince my ISP to implement the Bind patch, server-side.
Appreciate your feedback but I *really* don't like running anything Beta
Have VeriSign blocked in HOSTS and AdShield...

>news.grc.com/grc.techtalk.dns.bind_pe_beta
Is that on the GRC news-server?

Regards,




--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[YK]

siljaline wrote:
> On Mon, 29 Sep 2003 16:29:36 GMT, "Jim Byrd"
> <jrbyrd@spamlesscomcast.net> wrote:
>
>> Hi R. - You might want to be aware of a real "solution" (rather than
>> just a block) for the Verisign problem. Get the BindPE
>> Treewalk_Delegate.exe here: http://ntcanuck.com/Beta/ While you're
>> there, get the ORSC-Root also. You can read about the basic BindPE
>> here: http://ntcanuck.com/, but the Treewalk_Delegate is the
>> version you
>> want to get to solve completely the Verisign problem (at least until
>> Verisign changes something). Installs cleanly, (and uninstalls the
>> same
>> way), and works like a charm. You find all of your browsing
>> considerably speeded up. Very highly recommended. FWIW, you'll
>> find an associated news group here:
>> news.grc.com/grc.techtalk.dns.bind_pe_beta
>
> Hi Jim,
> I'm trying to convince my ISP to implement the Bind patch,
> server-side.

Hope you can find someone with a clue and sufficient authority to do
something like that at Sympatico?

> Appreciate your feedback but I *really* don't like
> running anything Beta Have VeriSign blocked in HOSTS and
> AdShield...

The current BIND-PE version is: Version 2.0 (SSL 9.6g) - December 4/2002 and
is not beta software. It installs very easy and works very well. Have
been using it for over a year without any problems and really speeds up Web
browsing.

>> news.grc.com/grc.techtalk.dns.bind_pe_beta
> Is that on the GRC news-server?

Yes. The authors are Canadian and hang out a lot in the GRC newsgroups.

[Jim Byrd]

Hi - Yes, that's the GRC news server. As to the Beta - that's mostly a
naming convention with NT and ObiWan. Their Beta's are like most others'
production code, and their released versions are rock solid - never had a
problem of any sort. On their Betas, the only issue that has ever come up
for me was an occasional high CPU usage spurt - never anything that bothered
anything else. FWIW, their install/uninstall is the cleanest I've seen -
like clockwork - just in case you do have a problem. Again, I highly
recommend it to you - the benefits far, far outweigh the risks - the
performance improvement is substantial. One other BTW - you can also use
Bind for AdBlocking.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:e5rgnvcb3i0jq8h3voiqg5gqseb0ik93an@4ax.com,
siljaline <siljaline@invalid.com> typed:
> On Mon, 29 Sep 2003 16:29:36 GMT, "Jim Byrd"
> <jrbyrd@spamlesscomcast.net> wrote:
>
>> Hi R. - You might want to be aware of a real "solution" (rather than
>> just a block) for the Verisign problem. Get the BindPE
>> Treewalk_Delegate.exe here: http://ntcanuck.com/Beta/ While you're
>> there, get the ORSC-Root also. You can read about the basic BindPE
>> here: http://ntcanuck.com/, but the Treewalk_Delegate is the
>> version you
>> want to get to solve completely the Verisign problem (at least until
>> Verisign changes something). Installs cleanly, (and uninstalls the
>> same
>> way), and works like a charm. You find all of your browsing
>> considerably speeded up. Very highly recommended. FWIW, you'll
>> find an associated news group here:
>> news.grc.com/grc.techtalk.dns.bind_pe_beta
>
> Hi Jim,
> I'm trying to convince my ISP to implement the Bind patch,
> server-side. Appreciate your feedback but I *really* don't like
> running anything Beta Have VeriSign blocked in HOSTS and
> AdShield...
>
>> news.grc.com/grc.techtalk.dns.bind_pe_beta
> Is that on the GRC news-server?
>
> Regards,

[siljaline]

On Mon, 29 Sep 2003 22:17:46 GMT, "Jim Byrd" <jrbyrd@spamlesscomcast.net>wrote:

>Hi - Yes, that's the GRC news server. As to the Beta - that's mostly a
>naming convention with NT and ObiWan. Their Beta's are like most others'
>production code, and their released versions are rock solid - never had a
>problem of any sort. On their Betas, the only issue that has ever come up
>for me was an occasional high CPU usage spurt - never anything that bothered
>anything else. FWIW, their install/uninstall is the cleanest I've seen -
>like clockwork - just in case you do have a problem. Again, I highly
>recommend it to you - the benefits far, far outweigh the risks - the
>performance improvement is substantial. One other BTW - you can also use
>Bind for AdBlocking.

I'll give it a look, thanks - I'm reading up on some late-breaking info that I may post
later.

YK - thanks for the input.


--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[Data64]

"Jim Byrd" <jrbyrd@spamlesscomcast.net> wrote in
news:ec2eb.638591$uu5.102282@sccrnsc04:

> One other BTW - you can also use Bind for AdBlocking.
>
How does one use BPE for AdBlocking ? From the grc newsgroup, it sounded
like ad-blocking was not officially supported.


data64

[Jim Byrd]

Hi Data - Well, you're right, I guess - it's probably not "officially"
supported. If you look back, you'll find several quite long threads
concerning this. Basically, you do it by adding some entries in extra.conf
in %systemroot%\system32\dns\etc\ and a couple of other files. See those
threads for the details if you want to.

I would suggest that you don't bother with it. It's kind of a "nerd-toy"
that I mostly posted as a private joke for siljaline. Using a HOSTS file
will do the same thing, and you'll find that it's much easier to manage,
given the variety of good blocking lists available, since it needs to be
updated relatively frequently to keep up with the "bad guys". Here's where
you need to start for that: http://www.mvps.org/winhelp2002/hosts.htm
Since the HOSTS is checked before the DNS client does its thing, it's just
as effective/fast for that purpose and doesn't add much overhead when it's a
non-blocked addy. Just be sure that your HOSTS file is named that way - all
caps, no extension - and that the first non-commented line is 127.0.0.1
localhost (to speed things up).

Sorry, I didn't mean to get anybody all riled up.

There are a number of ways to attack malware, each of varying
cost/capability/usefulness, depending on your particular circumstances -
Restricted Sites/Domains lists
http://www.staff.uiuc.edu/~ehowes/resource.htm, ad blockers such as AdShield
3 http://www.adshield.org/, HOSTS file - see above, bulk loading of
restriced IP lists into ZAP http://www.bluetack.co.uk/convert.html,
appropriate Security settings in your browser
http://www.mvps.org/winhelp2002/unwanted.htm, and specialized software such
as SpywareBlaster http://www.webattack.com/dlnow/rdir.dll?id=105693 and
SpywareGuard http://www.wilders.org/HTMLobj-1622/...rdsetupmin.exe,
etc. - and in my experience a layered combination which is sufficiently
simple to maintain (so that you'll keep it updated) is probably the right
approach, starting of course with a good hardware or software firewall and
multiple AV products (to defense the false positives 8-O ).

Probably more than you wanted to know! :-D

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:Xns9405DF5EC11B3Data64Bigfootcom@130.133.1.4,
Data64 <me@privacy.net> typed:
> "Jim Byrd" <jrbyrd@spamlesscomcast.net> wrote in
> news:ec2eb.638591$uu5.102282@sccrnsc04:
>
>> One other BTW - you can also use Bind for AdBlocking.
>>
> How does one use BPE for AdBlocking ? From the grc newsgroup, it
> sounded like ad-blocking was not officially supported.
>
>
> data64

[Juan Valdez]

How do I add this to AdShield's block list? Do I right click, then click on
"add to blocklist", then type in
http://64.94.110.11 and the same for the other address?



"siljaline" <siljaline@invalid.com> wrote in message
news:e5rgnvcb3i0jq8h3voiqg5gqseb0ik93an@4ax.com...
On Mon, 29 Sep 2003 16:29:36 GMT, "Jim Byrd" <jrbyrd@spamlesscomcast.net>
wrote:

>Hi R. - You might want to be aware of a real "solution" (rather than just a
>block) for the Verisign problem. Get the BindPE Treewalk_Delegate.exe
here:
>http://ntcanuck.com/Beta/ While you're there, get the ORSC-Root also. You
>can read about the basic BindPE here: http://ntcanuck.com/, but the
>Treewalk_Delegate is the version you
>want to get to solve completely the Verisign problem (at least until
>Verisign changes something). Installs cleanly, (and uninstalls the same
>way), and works like a charm. You find all of your browsing considerably
>speeded up. Very highly recommended. FWIW, you'll find an associated news
>group here: news.grc.com/grc.techtalk.dns.bind_pe_beta

Hi Jim,
I'm trying to convince my ISP to implement the Bind patch, server-side.
Appreciate your feedback but I *really* don't like running anything Beta
Have VeriSign blocked in HOSTS and AdShield...

>news.grc.com/grc.techtalk.dns.bind_pe_beta
Is that on the GRC news-server?

Regards,




--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free
time."
- Neil Stephenson, _Cryptonomicon_

[siljaline]

On Mon, 29 Sep 2003 20:26:53 -0400, "Juan Valdez" <grande@trabajo.com> wrote:

>How do I add this to AdShield's block list? Do I right click, then click on
>"add to blocklist", then type in
>http://64.94.110.11 and the same for the other address?

http://mvps.org/winhelp2002/adshield.htm

Maintain block list > add ( .sitefinder. ) and/or ( .verisign. )
(No brackets, Dots on either end of _token_ *required* - -

HTH



--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_