Back in the good old days, if you mistyped a web address, your browser would give you a nice “Server Not Found” message. But there is money to be made in typos, and ISPs like Earthlink can’t resist trying to sell that “not found” real estate.
PC World, in EarthLink Redirect Service Poses Security Risk, Expert Says, reports that”
A vulnerability in servers used by EarthLink to handle mistyped Web page requests may have allowed attackers to launch undetectable phishing attacks against any Internet site. . . Because of a bug in the software used to redirect users to these advertising and search pages, Kaminsky was able to get the pages to run his own JavaScript code. With the browser treating this code as if it were from a legitimate domain, Kaminsky was able to steal users’ cookies, create fake Web sites that appeared to be hosted on legitimate domains, and even log into certain Web sites without authorization.
If you catch your ISP doing this - complain! But make sure that its the ISP’s doing. Almost every typo under seven letters has ben registered by someone. Check out: asdasd.com.
