Random Bytes...by Ross Rader :: Verisign used Sitefinder to distribute Spyware?

Main Page » Random Bytes » Meta

Previous:	RSS 2.0 Question
Next:	Blogcatalog

by Ross at 12:08PM (MYT) on July 19, 2004 | Permanent Link

Steve Crocker, chair of ICANN Security and Stability Advisory Committee, today briefed the Registrar Constituency on their recent report on Sitefinder. One of the points in Steve's slides floored me.

Apparently, Verisign used the Sitefinder to distribute software to end-user desktops without their knowledge or consent. Digging into the SSAC report a bit deeper, I came across this little gem...

"Analysis of Site Finder revealed that a "web bug" had been embedded in the page so that information about the behavior of users of the page was sent to a company named Omniture, which monitors Web traffic. Information about users of Site Finder was passed off to a third party, again without the consent of the users and perhaps without their knowledge."

I'm utterly stunned.

The Omniture web page boasts a slogan - "Unique questions, precise answers." Here's my unique question - is this appropriate behavior for the custodian of the community resource?

Posted to:

Meta

This work is licensed under a Creative Commons License.

Comments

Re: Verisign used Sitefinder to distribute Spyware?

by George Kirikos on Mon 19 Jul 2004 06:34 AM EDT | Profile | Permanent Link

Folks know I'm no fan of VeriSign, but they certainly did not distribute Spyware. I think Ross is confusing a "web bug" (which is typically a snippet of Javascript or a clear pixel, that allows a 3rd party site to receive a "hit" for statistics, etc) with the "Weather Bug" (www.weatherbug.com) or other EXECUTABLE programs. The web bug would be only in the browser itself, on the relevant pages of Sitefinder, and wouldn't be installed on the desktop, or as a browser "enhancement".

Of course, VeriSign would have had the potential to put more aggressive marketing (including true Spyware) onto Sitefinder, had they been allowed to keep it running.

Re: Re: Verisign used Sitefinder to distribute Spyware?

by Ross on Mon 19 Jul 2004 09:45 PM EDT | Profile | Permanent Link

I'm well aware of the differences between spyware, cookies, etc...

The real explanation has to come from Verisign, not from me. I'm just relating what the SSAC slides and report said - the slides specifically said "spyware". In any event, the mechanics aren't really all that important, are they?

The fact remains, it seems, that Verisign abused the public in ways that we're only now really becoming aware of - and that's just plain wrong.

Trackbacks

TrackBack URL:
http://www.byte.org/blog/_trackback/107762

Weblogs that reference this article:

Verisign used Sitefinder to distribute Spyware?
Weblog:	Ambler On The Net
Excerpt:	Ross Rader writes in Random Bytes :: Verisign used Sitefinder to distribute Spyware? that, "Apparently, Verisign used the Sitefinder to distribute software to end-user desktops without their knowledge or consent."...
Posted:	Mon Jul 19 00:36:35 EDT 2004

Utterly Silly
Weblog:	Free2Innovate.net
Excerpt:	Ross Rader thinks VeriSign used SiteFinder to distribute "spyware" - but George Kirikos says that's not accurate. Kirikos appears to be right on this, but that doesn't mean Rader's misunderstanding isn't spreading amongst the hyper-anti-VeriSign. Kirik...
Posted:	Mon Jul 19 11:50:16 EDT 2004

Utterly Silly
Weblog:	Free2Innovate.net
Excerpt:	Ross Rader thinks VeriSign used SiteFinder to distribute "spyware" - but George Kirikos says that's not accurate. Kirikos appears to be right on this, but that doesn't mean Rader's misunderstanding isn't spreading amongst the hyper-anti-VeriSign crowd....
Posted:	Mon Jul 19 11:52:54 EDT 2004