
Noah Vail
Oh God please no.
Premium Member
join:2004-12-10
SouthAmerica

MarkMonitor accumulates Internet Power - to what end?

MarkMonitor started out as an Internet Brand Protection Service.
Pay for their services and they'd go pummeling folks w/ similar domains to yours, registering *sucks.com domains, etc.

More recently, they perform ICE-like corporate protection of trademarks and IP.
In 2010 they acquired anti-Piracy software company DtecNet, in order to take a more direct (again, ICE-Like) role in taking down copyright infringement.

What's curious is how they've placed themselves among internet titans and some of the abilities they've acquired in the process.
said by USCyberLabs:

MarkMonitor Internet Kill Switch Or Wiretapping?

Recently run any whois queries on Google? No? How about Facebook? MSN, or Hotmail? Yahoo? You might be surprised, comparing the results.

Nice, innit? See the “Last Updated” part also.

Domain Name: google.com
Updated: 4 hours ago - Refresh

Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: »www.markmonitor.com
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited

Expiration Date: 2020-09-14
Creation Date: 1997-09-15
Last Update Date: 2011-07-20

The brand-protecting, anti-piracy company MarkMonitor Inc. has had all these DNS names under its control for several months now.

They also control the Wikimedia name services, even though that doesn’t show up on the Wikimedia.org whois record. There are many others.
Apple.com falls under their jurisdiction, as does ubuntu.com. Nokia.com? Yep, under MarkMonitor. See a pattern here?

MarkMonitor is also a trusted Certificate Authority; they have, in essence, the means to fabricate safe-looking SSL connections for you, to whichever host they want.
Your browser will not sound any warnings of possible man-in-the-middle attacks.

MarkMonitor is a company that can own most people’s “Internet” in minutes.
It now controls all three top free e-mail providers directly, and I suppose it’s safe to say, most currently active social media sites too.

See for yourself. Whois yahoo.com, whois google.com, whois gmail.com, whois facebook.com, whois fbcdn.com, whois hotmail.com, whois msn.com… the list seems endless.

How’d all this happen?

This company has acquired complete access to monitor, eavesdrop, censor and fake any user of these popular Internet services in about one year (2011).

In almost complete silence.

For several of the sites, it also provides “firewall proxy” services, which means it is actually paid to intercept all communications. In and out.

Looks like a new 400lb gorilla has quietly slipped into the room.
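
The whois record quoted in the post above, read programmatically (an added example, not part of the original post or of any whois tool). `parse_whois` and `lock_report` are hypothetical helper names and the sample text is the record's fields as quoted; the `client*` status codes are set by the registrar and the `server*` codes by the registry, and together they block transfer, update and deletion of the registration.

```python
# EPP status codes: client* are set by the registrar, server* by the registry.
CLIENT_LOCKS = {"clientDeleteProhibited", "clientTransferProhibited", "clientUpdateProhibited"}
SERVER_LOCKS = {"serverDeleteProhibited", "serverTransferProhibited", "serverUpdateProhibited"}

# Fields copied from the google.com record quoted in the post above.
SAMPLE = """\
Domain Name: google.com
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited
Expiration Date: 2020-09-14
Creation Date: 1997-09-15
Last Update Date: 2011-07-20
"""

def parse_whois(text):
    """Turn 'Key: value' whois lines into a dict; statuses are collected into a set."""
    record = {"status": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key in ("status", "domain status"):
            # Servers list statuses comma-separated or one per line, sometimes
            # followed by an explanatory URL; keep only the code itself.
            for item in value.split(","):
                if item.split():
                    record["status"].add(item.split()[0])
        else:
            record.setdefault(key, value)
    return record

def lock_report(record):
    """Summarise who the registrar is and which change locks are in place."""
    status = record["status"]
    return {
        "registrar": record.get("registrar"),
        "registrar_lock": CLIENT_LOCKS <= status,
        "registry_lock": SERVER_LOCKS <= status,
        "missing": sorted((CLIENT_LOCKS | SERVER_LOCKS) - status),
    }

if __name__ == "__main__":
    print(lock_report(parse_whois(SAMPLE)))
```

Run over the whois output for domains you administer, a non-empty `missing` list shows which change locks have not been applied.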

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by Noah Vail:

said by USCyberLabs :

MarkMonitor Internet Kill Switch Or Wiretapping?

MarkMonitor is also a trusted Certificate Authority; they have, in essence, the means to fabricate safe-looking SSL connections for you, to whichever host they want.
Your browser will not sound any warnings of possible man-in-the-middle attacks.

Looks like a new 400lb gorilla has quietly slipped into the room.

You agree that MarkMonitor can fabricate safe-looking SSL connections to my banking site
»www.boh.com/small-busine ··· ndex.asp
that will trick my browser into believing it's @
»www.boh.com/small-busine ··· ndex.asp
when in fact it is not?

nonymous (banned)
join:2003-09-08
Glendale, AZ

nonymous (banned) to Noah Vail

Member

If MarkMonitor started fabricating things those companies didn't agree to, what is to stop all those companies instantly pulling their domains or any control thereof from MarkMonitor?

If the gorilla, as you call it, starts abusing its power in any way those companies do not like or their customers scream at them about, wouldn't MarkMonitor get dumped like a hot potato?

Noah Vail
Oh God please no.
Premium Member
join:2004-12-10
SouthAmerica

Noah Vail to Snowy

said by Snowy:

You agree that MarkMonitor can fabricate safe-looking SSL connections to my banking site
»www.boh.com/small-busine ··· ndex.asp
that will trick my browser into believing it's @
»www.boh.com/small-busine ··· ndex.asp
when in fact it is not?

I wouldn't say that scenario is in harmony with their current business models.

MM provides internet "image protection", copyright and IP enforcement for major corporations.

Any certificate spoofing they might perform would likely be to secure the interests of the deep pockets that fund them.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI


said by Noah Vail:

said by Snowy:

You agree that MarkMonitor can fabricate safe-looking SSL connections to my banking site
»www.boh.com/small-busine ··· ndex.asp
that will trick my browser into believing it's @
»www.boh.com/small-busine ··· ndex.asp
when in fact it is not?

I wouldn't say that scenario is in harmony with their current business models.

My question went to the technical issue not the ethical issue.

Noah Vail
Oh God please no.
Premium Member
join:2004-12-10
SouthAmerica


said by Snowy:

My question went to the technical issue not the ethical issue.

Is it technically possible?
In theory it is. It's mind-bogglingly unlikely, however.

Frodo
join:2006-05-05

Frodo to Snowy

Member

said by Snowy:

My question went to the technical issue not the ethical issue.

Yes, they could fabricate the certificate if your browser trusts their root certificate, but there is another piece that they would have to do.

They would have to alter the DNS resolution of the domain to direct your browser to the fake site, instead of the real one. This could happen by tricking the DNS provider into resolving to the IP address of the fake site. Alternatively, if they managed to place an entry in the computer's hosts file, the browser could be directed to the fake site.

So, as far as I can tell, there are two pieces, (1.) fake certificate, and (2.) alter DNS.

KodiacZiller
Premium Member
join:2008-09-04
73368

2 recommendations

KodiacZiller to Noah Vail

I think it's much ado about nothing. MarkMonitor has several functions, not only IP protection. They also are a domain registrar. This guy debunks the whole thing and explains what is really going on.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to Noah Vail

Would a look at the spoofed or proxied SSL certificate show it's from Geotrust (the legit issuer) or would it display as some other issuer?

I always check the issuer of sensitive sites to verify that it's the proper issuer before submitting credentials.

I'm reminded of Comscore/Marketscore when they slipped a proxy in the middle when somebody downloaded one of their "free" PC utilities.

Here's a post I made awhile back - I wonder if anything has changed regarding SSL substitution.
»Re: Cheap GPUs are rendering strong passwords useless
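
The manual issuer check described in the post above, automated (an added example, not code from any poster in this thread): it compares the issuer organization and leaf fingerprint a host presents with a baseline recorded earlier, so a certificate that validates but comes from a different trusted CA is still flagged. `fetch_leaf`, `issuer_org`, `check_against_baseline` and the baseline format are hypothetical names, and the sample certificates are constructed.

```python
import hashlib
import socket
import ssl

def fetch_leaf(host, port=443, timeout=5.0):
    """Return (parsed certificate dict, DER bytes) for the leaf certificate host presents."""
    ctx = ssl.create_default_context()  # normal chain and hostname validation stay on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def issuer_org(cert):
    """Pull organizationName out of the issuer as ssl.getpeercert() structures it."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == "organizationName":
                return value
    return None

def check_against_baseline(baseline, cert, der):
    """Compare a presented certificate with what was recorded earlier for this host."""
    findings = []
    org = issuer_org(cert)
    if org != baseline["issuer_org"]:
        findings.append(f"issuer changed: {baseline['issuer_org']} -> {org}")
    if hashlib.sha256(der).hexdigest() != baseline["sha256"]:
        # Also changes on every legitimate renewal, so treat it as a prompt to look.
        findings.append("leaf fingerprint changed")
    return findings

# Constructed sample data (not real certificates): one host, two different issuers.
KNOWN_DER = b"constructed-der-bytes-original"
OTHER_DER = b"constructed-der-bytes-substitute"
KNOWN_CERT = {"issuer": ((("countryName", "US"),),
                         (("organizationName", "Example CA One"),),
                         (("commonName", "Example CA One SSL"),))}
OTHER_CERT = {"issuer": ((("countryName", "US"),),
                         (("organizationName", "Example CA Two"),))}
BASELINE = {"issuer_org": "Example CA One",
            "sha256": hashlib.sha256(KNOWN_DER).hexdigest()}

if __name__ == "__main__":
    print(check_against_baseline(BASELINE, KNOWN_CERT, KNOWN_DER))
    print(check_against_baseline(BASELINE, OTHER_CERT, OTHER_DER))
```

For a live check, pass the two values returned by `fetch_leaf("your.bank.example")` in place of the constructed samples.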

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU


said by EGeezer:

I'm reminded of Comscore/Marketscore when they slipped a proxy in the middle when somebody downloaded one of their "free" PC utilities.

Don't get me started again on Comscore/Marketscore et al.

It is interesting to note that those organizations and their subsidiaries are using MarkMonitor registered domains. However, that does not necessarily mean that MarkMonitor is guilty of any of their transgressions (but still, it is interesting).

Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Snowy

BOH online banking doesn't use Geotrust. (Geotrust is for the main site). It uses Verisign. I have NEVER accessed BOH logged in via the main site. I always use »cibng.ibanking-services. ··· 21301028. I would assume if you do use the main BOH site to login to online banking that you would get the Verisign cert at that time.

I've had BOH online banking from the very beginning back sometime toward the end of 1999. I have the original portfolio BOH sent me but it doesn't have a date on it (and I didn't keep the cover letter and other instructions). I think I recall BOH was the first major bank in the nation to do online banking and they were quite proud of it and I was excited to be in on the first wave of online banking. Then Chase, I think, was second because I got online banking with them in late 1999. BOH's was always good (unless you access late on any evening and then you get absolute wacko stuff and cannot make any sense of your accounts). Chase's was horrible for years. And First Hawaiian is so terrible (website and online banking) that I won't use it.

Trihexagonal5
join:2004-08-29
US

Trihexagonal5 to Noah Vail

Member

I just happened to notice 2 blocked entries from MarkMonitor in my pfSense firewall logs yesterday.

It was the first time I'd ever heard of them and was surprised to see them mentioned here.