先日のエントリでISPによるサブドメインのハイジャック問題について書いたが、ToorCon Seattleで、Dan Kaminskyさんがこの問題を取り上げて発表したらしい。発表資料が公開されている。

ISP typo pimping exposes users to fraudulent web pages • The Register

Comcast, Verizon and at least 70 other internet service providers are putting their customers at serious risk in their quest to make money from mistyped web addresses, security researcher Dan Kaminsky says.
Speaking at the ToorCon security conference in Seattle, Kaminsky demonstrated an exploit class he dubbed PiTMA, short for provider-in-the-middle attacks. A variation of man-in-the-middle attacks, it stole authentication cookies and injected arbitrary content into trusted web pages by exploiting weaknesses in an ad server Earthlink used when returning results for non-existent addresses.

資料を見ると、こういうお行儀の悪いISPは他にもいくつかあるようだ。