Hi,

Here's another interesting angle on the Verisign Site Finder Web site. VeriSign has hired a company called Omniture to snoop on people who make domain name typos. I found this Omniture Web bug on a VeriSign Site Finder Web page:

http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/G.2-Verisign-S/s03509671784255?[AQB]&ndh=1&t=17/8/2003%2010%3A39%3A28%203%20240&pageName=Landing%20Page&ch=landing&server=US%20East&c1=www.elinkprocess.com/html/minibank_1000.html&c2=www.elinkprocess.com/html/minibank_1000.html%20%2803/00%29&c12=Yes&c13=03&c14=No&c15=00&c16=Yes&c17=15&c22=NOT%20SET&g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.elinkprocess.com/html/minibank_1000.html%26host%3Dwww.elinkprocess.com&r=http%3A//www.google.com/search%3Fas_q%3Dmini-bank%2B1000%26num%3D100%26hl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26btnG%3DGoogle%2BSearch%26as_epq%3D%26as_oq%3D%26as_eq%3D%26lr%3D%26as_ft%3Di%26as_filetype%3D%26as_qdr%3Dall%26as_occt%3Dany%26as_dt%3Di%26as_sitesearch%3D%26safe%3Dimages&s=1024x768&c=32&j=1.3&v=Y&k=Y&bw=1024&bh=538&ct=lan&hp=N&[AQE]

The query string of the URL contains the usual things such as the Web page URL, the referring URL, browser type, screen size, etc. This query string is built on the fly by about 50 lines of JavaScript embedded in the Verisign Web page. The Omniture server sets a cookie so that people can be watched over time to see what typos they are making.

Here's a bit more about the Omniture snooping service:

http://www.omniture.com/announcement.html

Note to Omniture: Yes, I was using Google to research security issues with the Mini-Bank 1000 ATM, but my interests are purely academic. ;-)

Richard M. Smith
http://www.ComputerBytesMan.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
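
The query string described in the post above, decoded as an added example (not part of the original message, and not VeriSign's or Omniture's code): it percent-decodes the beacon's parameters and then parses the page and referrer URLs nested inside them. Reading g, r, s and t as page URL, referrer, screen size and timestamp is an assumption inferred from the values in the quoted URL; the function and field names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl

# Beacon URL as quoted in the post, with the e-mail line-wrap spaces removed.
BEACON = (
    "http://verisignwildcard.112.2o7.net/b/ss/verisignwildcard/1/G.2-Verisign-S/"
    "s03509671784255?[AQB]&ndh=1&t=17/8/2003%2010%3A39%3A28%203%20240"
    "&pageName=Landing%20Page&ch=landing&server=US%20East"
    "&c1=www.elinkprocess.com/html/minibank_1000.html"
    "&c2=www.elinkprocess.com/html/minibank_1000.html%20%2803/00%29"
    "&c12=Yes&c13=03&c14=No&c15=00&c16=Yes&c17=15&c22=NOT%20SET"
    "&g=http%3A//sitefinder.verisign.com/lpc%3Furl%3Dwww.elinkprocess.com"
    "/html/minibank_1000.html%26host%3Dwww.elinkprocess.com"
    "&r=http%3A//www.google.com/search%3Fas_q%3Dmini-bank%2B1000%26num%3D100"
    "%26hl%3Den%26ie%3DUTF-8%26oe%3DUTF-8%26btnG%3DGoogle%2BSearch%26as_epq%3D"
    "%26as_oq%3D%26as_eq%3D%26lr%3D%26as_ft%3Di%26as_filetype%3D%26as_qdr%3Dall"
    "%26as_occt%3Dany%26as_dt%3Di%26as_sitesearch%3D%26safe%3Dimages"
    "&s=1024x768&c=32&j=1.3&v=Y&k=Y&bw=1024&bh=538&ct=lan&hp=N&[AQE]"
)


def nested_query(url):
    """Parse the query string of a URL that was itself carried as a parameter."""
    return dict(parse_qsl(urlsplit(url).query))


def disclosed_fields(beacon_url):
    """Return what one beacon request hands to the third-party collector."""
    parts = urlsplit(beacon_url)
    # parse_qsl percent-decodes values and drops the valueless [AQB]/[AQE] markers.
    params = dict(parse_qsl(parts.query))
    page = params.get("g", "")       # assumed: URL of the page carrying the bug
    referrer = params.get("r", "")   # assumed: URL the visitor arrived from
    return {
        "collector": parts.hostname,
        "page_url": page,
        "requested_host": nested_query(page).get("host"),
        "referrer_host": urlsplit(referrer).hostname,
        "search_terms": nested_query(referrer).get("as_q"),
        "screen": params.get("s"),   # assumed: screen size
        "timestamp": params.get("t"),
    }


if __name__ == "__main__":
    for field, value in disclosed_fields(BEACON).items():
        print(f"{field:15} {value}")
```

The second decoding pass is what exposes the detail: the host the visitor asked for and the search terms from the referring page are only readable once the nested URLs are parsed in turn.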