HackrNews

There are no ethics in business anymore! Those who thought that MNCs in India would be more ethical are smoking pot! Here is an interesting and a distasteful hijacking of the domain by Vodafone of Airtel’s domain name. Type Airtel.com   and you will be directed to www.vodafone.es ! Domain Squatting in not uncommon but this is a little too cheeky and unprofessional.

Huzaifa Das suggests in a desecrates group email that this is because Vodafone bought out Airtel’s Spain operations. Airtel had won a license to operate in Spain . In the last line, she has a valid point!

Try www.Airtel.es  that will also redirect to www.Vodafone.es ! Vodafone or Badfone huh??

All this three domains r registered and hosted with  Verio Inc. http://www.verio.com/

Domain Squatting Explained

I think no more we will have airtel’s mistake or surprise postings!!!

follow the link for me explanation u can ping me!

http://ezinearticles.com/?Domain-Squatting-Explained&id=50564

Goggle.com is a classic and great example of domain squatting — whether you like it or not.

The domain was first registered in 2003, only six years after Google.com was first registered. Sure, it’s quite possible Google just didn’t think about this in the first place and got sloppy, but either way, goggle.com is owned by someone other than Google Inc.

Stats prove that day in and day out, Internet users around the world type in the wrong domain. Google receives hundreds of millions of hits per day, seems like a decent amount of that traffic actually goes to the wrong domain.

So what is goggle.com doing to monetize that typo type-in traffic? “Free” offers provided by FluxAds, which then redirects you to a MyExclusiveRewards partner page. Seems like these “free” offers were a huge success, one year ago, but now they are worthless and it’s so hard to actually make them work now.

An anonymous reader alerts us to a murder trial in New Jersey in which Google and MSN searches were used against a woman accused of killing her husband. In the days before the murder, prosecutors say the defendant searched for “How To Commit Murder,” “instant poisons,” “undetectable poisons,” “fatal digoxin doses,” and gun laws in New Jersey and Pennsylvania. Her husband was killed with a gun procured in Pennsylvania. The crime occurred in 2004; of course, people now know to be careful about their searches.

Source Slashdot.com

The attack is referred to as ‘anti-anti-anti DNS pinning’

Google Inc.’s PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, which could give an attacker access to any data indexed by Google Desktop, security researchers said this week.

This is the second security problem reported this week for the software. On Wednesday, researchers at Watchfire Corp. said they had found a flaw that could allow attackers to read files or run unauthorized software on systems running Google Desktop.

As with Watchfire’s bug, attackers would first need to exploit a cross-site scripting flaw in the Google.com Web site for this latest attack to work, but the consequences could be serious, according to Robert Hansen, the independent security researcher who first reported the attack. “All of the data on a Google desktop can now be siphoned off to an attacker’s machine,” he said.

Cross-site scripting flaws are common Web server vulnerabilities that can be exploited to run unauthorized code within the victim’s browser.

Hansen, who is CEO of Sectheory.com LLC, did not post proof-of-concept code for his attack, but he said that he has “tested every component of it, and it works.

Google said it is investigating Hansen’s findings. “In addition, we recently added another layer of security checks to the latest version of Google Desktop to protect users from vulnerabilities related to Web search integration in the future,” the company said in a prepared statement.

Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, chief technical officer at WhiteHat Security Inc. The variation of this attack described by Hansen manipulates the way the browser works with the Internet’s DNS in order to trick the browser into sending information to an attacker’s computer.

“Once you can re-point Google to another IP address, instead of Google getting the traffic, the bad guy does,” he said.

Because this type of attack is so difficult to pull off and poorly understood, it is unlikely to be used by the criminals any time soon, Grossman said. But anti-DNS pinning shouldn’t be ignored, he added. “We should keep our eyes on it in case the bad guys shift gears.”

News of the attack comes as Google is trying to enter the desktop productivity market. On Thursday, Google launched a suite of Web-based collaboration software, called the Google Apps Premier Edition, which analysts say could become a competitor to Microsoft Office.

The troubling thing about the attack Hanson identified, which he calls “anti-anti-anti DNS pinning,” is that very little can be done to avoid it, short of eliminating cross-site scripting vulnerabilities on the Web.

“This is really just fundamentally about how browsers work,” he said. “If you allow a Web site to have access to your drive — to modify to change things, to integrate or whatever — you’re relying on that Web site to be secure.”

Hansen and Grossman said Google is not the only company vulnerable to a growing category of Web-based attacks. For instance, MySpace.com was hit when a fast-moving worm spread through the MySpace community in early December, stealing MySpace log-in credentials and promoting adware Web sites.

“A lot of these new attack techniques are going to require the browsers to improve,” Grossman said. “The users really have very little ability to protect themselves against these attacks,” he said. “It’s very bad. Even the experts are afraid to click on each other’s links anymore.”