<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7601.18094"></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI">
<DIV>They certainly do this for "Amber Alerts".</DIV>
<DIV><BR><BR>>>> Rick Troth <rmt@casita.net> 3/26/2013 5:40 PM >>><BR>Others will know better details than I do,<BR>but it comes to mind that it's *easy* for any provider to insert their<BR>own caching layer between you and the world. Not saying WOW is doing<BR>this, but it's trivial for them to trap all port 80 traffic and serve<BR>up cached content ... or doctored content (or redirection, or<BR>whatever!). Caching is justified by reducing their upstream port 80<BR>burden. (For varying values of "justified".)<BR><BR>Conspiracy theorists unite! :-)<BR><BR>-- R; <><<BR><BR><BR><BR>On Tue, Mar 26, 2013 at 5:12 PM, Rob <res@colnet.cmhnet.org> wrote:<BR>> For the past few days, I have been working on building Mint 14 system<BR>> on a second disk on my main PC. I hate to transition, but my preferred<BR>> OS for the past three years (Ubuntu 10.04) will be going EOL next month<BR>> and I have to do something. Frankly, I've run into a number of problems<BR>> with Mint that I find rather disturbing -- is Mint really being marketed<BR>> as made-for-prime-time? -- but perhaps the most disturbing might not<BR>> even involve Mint, although I'm increasingly suspicious it does.<BR>><BR>> First, I'm a WOW customer for broadband, and have generally been happy<BR>> with them. The Firefox disseminated with Mint comes with several<BR>> add-ons which cannot be removed (at least not easily), although they<BR>> can be disabled. One is "Mint Search Enhancer 1.0" (whatever that is).<BR>> I told Firefox early-on to disable it and it said it did. Mint Firefox<BR>> also does not have a Google option in the search box on the Navigation<BR>> toolbar by default, but it is fairly easy to add it. And that's where<BR>> the trouble starts:<BR>><BR>> When I add Google, and then try to use it to search from the search box,<BR>> I (often, but not always) get redirected to the following website:<BR>><BR>> <A href="http://64.233.232.17/bg/search-col/index.html?policy=1285&q=tab+groups">http://64.233.232.17/bg/search-col/index.html?policy=1285&q=tab+groups</A><BR>><BR>> (Here, I was searching for "tab groups" at the time.) This website<BR>> has WOW branding -- that is, if it returns at all, I often get left<BR>> high and dry -- but no useful information that I can tell, and a<BR>> small opt-out URL at the very bottom. If I opt out, it appears to<BR>> leave me alone for good, i.e., it doesn't seem to rely on a cookie.<BR>> However, if I go to another userid on that machine and again invoke<BR>> Firefox, it's back, so it does seem to be browser dependent.<BR>><BR>> A reverse DNS lookup yields 64-233-232-17.static.nap.wideopenwest.com<BR>><BR>> When I first click on the search box with Google selected as the<BR>> engine, my DNS server sees two google.com inquiries and nothing else.<BR>><BR>> My question: How are they doing this? First, I run my own DNS<BR>> servers on my local LAN. I do not use WOW (or any other external)<BR>> servers for my DNS. A dump of my Bind named cache only shows the<BR>> 64.233.232.17 IP on a reverse lookup which I did. But, it does seem<BR>> to more-or-less happily be serving up the copious lookups that Firefox<BR>> requests of it. So, it would appear to me this cannot be a DNS exploit.<BR>> So, how is it being perpetrated? If I visit Google directly, the browser<BR>> globs onto its https entry, and of course, then I get the real McCoy.<BR>> Even if force a non-encrypted connect, it seems to work OK there.<BR>><BR>> Did Mint serve me a doctored search-engine add-on that redirects my<BR>> queries to WOW? (But, if so, how did they even know I'm a WOW customer?)<BR>> Is WOW doing something really nefarious like masquerading as Google's IP<BR>> addresses on their network and then doing a redirect? Has anyone else<BR>> encountered this? There does seem to be some hits about this when I<BR>> query the search engines, but nothing that comes close to a good<BR>> explanation of that's going on. It's really got me baffled.<BR>><BR>> Any ideas?<BR>><BR>> Rob<BR>> _______________________________________________<BR>> colug-432 mailing list<BR>> colug-432@colug.net<BR>> <A href="http://lists.colug.net/mailman/listinfo/colug-432">http://lists.colug.net/mailman/listinfo/colug-432</A><BR><BR><BR><BR>-- <BR>-- R; <><<BR>_______________________________________________<BR>colug-432 mailing list<BR>colug-432@colug.net<BR><A href="http://lists.colug.net/mailman/listinfo/colug-432">http://lists.colug.net/mailman/listinfo/colug-432</A><BR></DIV></BODY></HTML>