<
https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/>
"It’s not every day that a security researcher acquires the ability to generate
counterfeit HTTPS certificates, track email activity, and the position to
execute code of his choice on thousands of servers—all in a single blow that
cost only $20 and a few minutes to land. But that’s exactly what happened
recently to Benjamin Harris.
Harris, the CEO and founder of security firm watchTowr, did all of this by
registering the domain dotmobiregistry.net. The domain was once the official
home of the authoritative WHOIS server for .mobi, a top-level domain used to
indicate that a website is optimized for mobile devices. At some point—it’s not
clear precisely when—this WHOIS server, which acts as the official directory
for every domain ending in .mobi, was relocated, from whois.dotmobiregistry.net
to whois.nic.mobi. While retreating to his Las Vegas hotel room during last
month’s Black Hat security conference in Las Vegas, Harris noticed that the
previous dotmobiregistry.net owners had allowed the domain to expire. He then
scooped it up and set up his own .mobi WHOIS server there."
Punchline:
"“The reality is that this issue exists in various forms (whether it be people
using personal domains that they leave to expire, subsequently being registered
by another individual who then subsequently has access to all accounts of the
previous owner,” Harris told
Ars. “We are of the opinion that this will
continue to be a painful issue that reoccurs as we see the recycling of
infrastructure/domains/etc.”"
Via Dave Farber.
Cheers,
*** Xanni ***
--
mailto:xanni@xanadu.net Andrew Pam
http://xanadu.com.au/ Chief Scientist, Xanadu
https://glasswings.com.au/ Partner, Glass Wings
https://sericyb.com.au/ Manager, Serious Cybernetics
