[ Find out how phishers can use

[72gb7w3y]

Because of a bug in the software used to redirect users to these advertising and search pages, Kaminsky was able to get the pages to run his own JavaScript code. With the browser treating this code as if it were from a legitimate domain, Kaminsky was able to steal users' cookies, create fake Web sites that appeared to be hosted on legitimate domains, and even log into certain Web sites without authorization.
A Verizon spokesman said that his company was not using the Barefruit service.
The bug, which was patched earlier this week, underscores a fundamental security risk in the way that some ISPs are attempting to generate advertising revenue from mistyped Web addresses, said Dan Kaminsky, director of penetration testing with IOActive, a security consulting firm.
The vulnerability was in a service called Barefruit, which EarthLink has been using since August 2006 to return Web pages with search terms and advertising to customers who mistype a domain name in their browser.
EarthLink redirect service poses security risk, expert says | Security Central
          April 19, 2008               EarthLink redirect service poses security risk, expert says               Although a specific bug has been patched, the basic approach raises alarms for some          By Robert McMillan | IDGNS                                                Print                                |                  Add a comment                                                                                                                                                     
A vulnerability in servers used by EarthLink to handle mistyped Web page requests may have allowed attackers to launch undetectable phishing attacks against any Internet site, according to a noted Internet security researcher.
Barefruit, which is based in London, operates a service that works with Domain Name Servers (DNSes),You are not allowed to view links. Register or Login, which are used by the browser to translate domain names, such as You are not allowed to view links. Register or Login, into numerical IP addresses. Typically, when a browser asks a DNS server for a nonexistent Internet address -- You are not allowed to view links. Register or Login, for example -- the DNS server returns an error message indicating that no such address exists. With Barefruit's servers, the user is told that the address does exist, and is then sent to a Web page that displays advertising and suggested search terms.
                                                                                                             next page ?12                                                                                  
However, the company did defend its use of the service in 2006,You are not allowed to view links. Register or Login, when it was first introduced.
[ Find out how phishers can use  DNS server redirection to catch unsuspecting users. ]
In a statement, EarthLink confirmed that it had patched Kaminsky's bug,You are not allowed to view links. Register or Login, but did not address the broader security concerns that Kaminsky believes are raised by this model.
EarthLink is not the only ISP to be testing this system. Kaminsky said he found evidence of Barefruit or similar systems being tested on Verizon,You are not allowed to view links. Register or Login, Time Warner, Qwest, and Comcast, which outsources some of its network to EarthLink.
"The security of the entire Web for these ISPs is right now limited by the security of some random ad server run by a British company," he said. "Somebody running an ad server controls the security of You are not allowed to view links. Register or Login. This is not a good situation."
Generating revenue from domain name typos has generated controversy before. In 2003,You are not allowed to view links. Register or Login, domain name registrar VeriSign was forced to disable a similar system called SiteFinder, which redirected Web surfers who had typed nonexistent domains.