Baby, I swear it's déjà vu: TalkTalk customers unable to opt out of ISP's ad-jacking DNS – just like six years ago

Have you tried turning it off and on again? Yes!


Updated: TalkTalk broadband users are complaining they can't opt out of its Error Replacement Service, which replaces NXDOMAIN DNS responses with an IP address. And if that sounds familiar, it should. Users of the budget ISP complained about the very same issue back in 2014.

The Error Replacement Service redirects lookups for domain names that don't exist, like those created by fat-fingered address bar typos, to a TalkTalk-run webpage. El Reg reader Louis described it thusly:

"If I type a non-existing domain in the browser, instead of getting the proper 'Hmm. We're having trouble finding that site' message, I get a list of 'search results' vaguely linked to the non-existing domain. This is mildly annoying, as I'd rather not send my typos to some random advertiser," he said.

His woes don't stop there – the "service" also prevents him from logging into his work VPN. "During connection, instead of seeing the login window, I see a TalkTalk-branded page with 'search results' and I can't complete the login process," he complained.

This isn't an isolated problem. The TalkTalk support forum is flooded with similar complaints, no doubt partially thanks to the rise in home working caused by the COVID-19 epidemic.

TalkTalk offers a way to opt out of the service, requiring users to visit a specific web page and then restart their router. But this appears to be somewhat ineffective, with both Twitter and the TalkTalk forum filled with complaints.

"Can anyone tell me why the opting out of the TalkTalk Error Replacement service is not working? I have twice now opted out and twice rebooted router and still I am pestered by this annoying 'Service'," tweeted TalkTalk customer James Hewitt earlier last year.

So far, it seems like the sole silver bullet is to switch to a different DNS provider. In the case of Reg tipster Louis, he used TalkTalk's own non-hijacking servers (at the addresses 62.24.134.1 and 62.24.134.2). Presumably OpenDNS, Cloudflare, or Google Public DNS would work just as effectively.

Other users have reportedly found that replacing their router works just as well – although one would assume this is because a new router would have different DNS server settings to those issued by TalkTalk itself.
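To confirm whether a given resolver still substitutes answers after an opt-out or a change of DNS server, the check below asks it for a random name that cannot exist and classifies the reply. It is an example added here, not code from TalkTalk or The Register. Assumptions: the reserved "invalid" top-level domain as the default suffix, the function names, and the constructed sample replies are all illustrative, and a single "honest" result covers only the name tested.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Encode a recursive A/IN query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(reply, txid):
    """Judge a resolver's reply to a lookup for a name that cannot exist."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:      # wrong ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "honest"                        # NXDOMAIN passed through intact
    if rcode == 0 and ancount > 0:
        return "rewritten"                     # NOERROR plus an address: substituted
    return "inconclusive"                      # SERVFAIL, REFUSED, empty NOERROR

def probe(resolver_ip, suffix="invalid", timeout=3.0):
    """Send one random, nonexistent name to `resolver_ip` over UDP port 53."""
    name, txid = f"{secrets.token_hex(8)}.{suffix}", secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        reply, _ = sock.recvfrom(512)
    return classify(reply, txid)

def constructed_reply(query, rcode, answer_ip=None):
    """Build a sample reply (constructed test data, not captured traffic)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    answer = b""
    if answer_ip:  # name pointer to offset 12, type A, class IN, TTL 60, 4-byte address
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("constructed-typo.invalid", 0x1234)
    print(classify(constructed_reply(q, 3), 0x1234))                # honest
    print(classify(constructed_reply(q, 0, "192.0.2.10"), 0x1234))  # rewritten
```

Calling `probe()` with the resolver address handed out by the router, and again with an alternative resolver, shows whether the substitution follows the resolver or the line.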

The Register has asked TalkTalk to comment. We haven't heard back yet, but when we do we'll update this story.

Updated on 21 April @ 09.23 GMT to add:

A TalkTalk spokesperson said: “We are aware of an issue with our Error Replacement service and we’re looking to resolve as soon as possible. While some customers may wish to opt-out, the service works as designed and provides further guidance with their online search.” ®


Client demo in 30 minutes. Just what could go wrong?

DNS means Do Not Shove under desk

On Call: Welcome to a continent-trotting edition of On Call, in which a Register reader takes a trip to sunnier climes only to be let down by a clown in windswept Blighty.

Our hero, whom we shall call Simon though that is not his name, was gainfully employed at a UK telecoms outfit way back in the mid-1990s. Carrying the vaunted title of systems engineer, he was based in the City of London doing pre-sales work for some of the world's biggest finance companies.

High-powered stuff, indeed.


ICANN responds to Ukraine demand to delete all Russian domains

Even if we wanted to, which we don't, we can't, so we won't, says boss

ICANN on Wednesday rebuffed a request from Mykhailo Fedorov, First Vice Prime Minister of Ukraine, to revoke all Russian web domains, shut down Russian DNS root servers, and invalidate associated TLS/SSL certificates in response to the Russian invasion of Ukraine.

Fedorov made his request because Russia's assault has been "made possible mainly due to Russia propaganda machinery using websites continuously spreading disinformation, hate speech, promoting violence and hiding the truth about the war in Ukraine."

In a publicly posted reply [PDF], Göran Marby, CEO of ICANN, said his organization is an independent technical body charged with overseeing the global internet's DNS and unique identifiers and must maintain neutrality.


Russia acknowledges sanctions could hurt its tech companies

Cuts taxes, offers subsidies, defers military service for developers – and preps for internet isolation

Russia's Ministry of Digital Development has acknowledged that sanctions may send its tech businesses to the wall, and announced a raft of measures designed to stop that happening – among them ending dependency on internet infrastructure hosted offshore and disconnecting from the global internet.

News of the industry support measures comes from an FAQ published by the Ministry on Saturday, which The Register has translated with online services. Among the questions asked is the poser: "What to do if IT specialists massively lose their jobs due to the suspension of the activities of foreign companies or a reduction in the export revenue of Russian developers?"

The answer is that Russia plans a round of subsidies aimed at sparking the development of software it's felt may soon be hard to source or operate. Other measures outlined in the FAQ are the ability to offer jobs to foreign workers without first having visas approved, a zero per cent tax rate for tech companies involved in activities the Kremlin feels are necessary, preferential mortgage rates for techies, and even exemption from military service.


Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers

Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more

In brief: Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said.

We're told that the vulnerability could be exploited by tricking a subscriber into viewing a malicious webpage. If an attack was successful, their router would fall under the attacker's control, allowing the crook to open up ports to access other devices on the local network, change the LAN's default DNS settings to redirect browsers to malicious sites, reconfigure the gateway, and cause other general mischief and irritation.

This exploitation is non-trivial: it involves luring people to a webpage that uses JavaScript to cause the browser to first use an attacker-controlled DNS server to look up the IP address for a subdomain to connect to an outside server, then the browser is encouraged to reconnect to the server, the IP address is looked up again, and this time, the subdomain resolves to the local IP address of the router rather than the outside server.


Big Tech's private networks and protocols threaten the 'net, say internet registries

APNIC and LACNIC worry about who will set the rules of future internetworking

The internet remains resilient, and its underlying protocols and technologies dominate global networking – but its relevance may be challenged by the increasing amount of traffic carried on private networks run by Big Tech, or rules imposed by governments.

So says a Study on the Internet's Technical Success Factors commissioned by APNIC and LACNIC – the regional internet address registries for the Asia–Pacific and Latin America and Caribbean regions respectively – and written by consultancy Analysys Mason.

Presented on Wednesday at the 2021 Internet Governance Forum (IGF), the study identifies four reasons the internet has succeeded:


TskTsk: UK ISP TalkTalk told off by regulator over 'misleading' adverts promising fixed price service

Don't claim 'no mid-contract price rises if that was not the case' says ASA

TalkTalk – the Salford-based telco which has more than four million broadband customers – has been ticked off by the UK's Advertising Standards Authority (ASA) following nine separate complaints about misleading ads.

The initial objections centre on two ads – on TV and via email – that ran early in 2020 which talked about a 24-month broadband offer that was "fixed until 2022" or promised "no mid-contract rises."

The ASA intervened when the complainants reported that the price of their broadband packages was to "increase during the fixed contract period" despite the assurances made in the ad.


BT promises firmware update for Mini Whole Home Wi-Fi discs to prevent obsessive Big Tech DNS lookups

Meanwhile users complain their IPs are being flagged for suspicious traffic

Users of BT’s Mini Whole Home Wi-Fi range-extender discs have noticed their devices are making hundreds of thousands of daily DNS lookups for big tech companies’ websites – causing problems for some wanting to access Gmail and Microsoft services.

The huge volume of requests generated by the BT-branded discs has caused problems for some Reg readers after their DNS-lookup-spewing IP addresses were flagged by their DNS providers as hives of malicious activity.

Irritated individuals have told us each of their discs generates one DNS lookup for google.com every second – meaning one disc generates 86,400 lookups a day. For those using three or four discs and a custom DNS server configuration, the impact is enough to get their IP addresses flagged as suspicious, we were told.


If you can't log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage

It's not DNS. There's no way it can be DNS... It was DNS

Updated: Unlucky netizens are right now unable to log into Microsoft's online services, including Azure, Teams, Dynamics, and Xbox Live, due to an ongoing global outage.

The IT breakdown is blamed on a DNS issue, and started an hour and a half ago at time of writing. According to the Windows giant's status page:


Just when everyone thought things might be looking up, Dido Harding admits interest in top job at NHS England

Yep. The exec responsible for shambolic Test and Trace programme, and TalkTalk's 2015 mega-breach

Baroness Dido "Queen of Carnage" Harding, former TalkTalk CEO and current head of NHS Test and Trace, is reportedly eyeing the top job at NHS England.

According to The Times, the exec has expressed an interest to various leaders in the healthcare sector. If selected, she would replace Sir Simon Stevens, who has served as CEO of the NHS in England since 2014 and leaves in July.

Speaking on BBC Radio 4's Woman's Hour this morning, Harding acknowledged she was considering applying for the job, but said she had not made a formal application yet.


123 Bork? Six-day DNS record-edit outage at domain name flinger 123 Reg enrages users

It's not DNS. It can't be DNS. It's actually a TITSUP*

Customers of the UK's self-professed #1 provider of domain names, GoDaddy-owned 123 Reg, have had a frustrating few days after finding DNS records disappearing from their dashboards.

The issue is a nasty one as the vanishing of the records prevents users from assigning domain names to IP addresses or making edits. This is quite unfortunate when one considers that registering domain names is what 123 Reg is all about.

Things began to go off the rails as long ago as last Thursday, 5 November, when the company admitted that some customers "may experience issues with DNS management." Not to worry though, the hardworking 123 Reg team was on the case and a fix would be deployed ASAP.


Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws

Get your updates when you can for gear from scores of manufacturers

Seven vulnerabilities have been found in a popular DNS caching proxy and DHCP server known as dnsmasq, raising the possibility of widespread online attacks on networking devices.

The flaws, collectively dubbed DNSpooq, were revealed on Tuesday by Israel-based security firm JSOF at the conclusion of a five-month coordinated disclosure period. The bugs are believed to affect products from more than 40 IT vendors, including Cisco, Comcast, Google, Netgear, Red Hat, and Ubiquiti, and major Linux distributions.

JSOF researchers identified three cache poisoning bugs (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) and four buffer overflow bugs (CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, CVE-2020-25681).


Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare's protocol proposals to protect privacy

'Adopting these may have legal and policy implications'

Web infrastructure company Cloudflare is pushing for the adoption of new internet protocols it says will enable a "privacy-respecting internet."

These include an updated secure DNS service that hides the identity of the client, a password protocol that means a password is never transmitted to the server, and an encrypted "client hello" that does not leak server names.

Most internet traffic is encrypted today but this is not enough to protect privacy or prevent unwanted profiling and ad targeting. Cloudflare CTO John Graham-Cumming has posted about new protocols that do a better job, but also pose "an enormous challenge for companies that have built a business on aggregating citizens' information in order to target advertising."
