1. floating_domains
/DigitalOcean /route53 |
DNS/lame_delegation DNS/Domain hijacking
1.1. Observations
Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System
- Does the name mean "adrift"? (Because it is Digital Ocean.)
1.2. Subdomain Takeover
Subdomain Takeover: Going beyond CNAME https://0xpatrik.com/subdomain-takeover-ns/
1.3. Route53 Set Up
1.4. From Twitter
https://twitter.com/CheenaBlog/status/1089116229690904576
DigitalOcean had received a similar report back in 2016.
What this means is that if you add your own domain to a DigitalOcean account, later delete it, and leave the nameservers unchanged, a third party can add that domain to their own account. 20:01 - January 26, 2019
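The condition described in the tweet above (NS records still delegating a zone to a hosted DNS provider that no longer serves it) can be checked from the defender's side by asking each delegated nameserver directly for the zone. The script below is an added example for these notes, not code from DigitalOcean, Route53, or any of the linked posts. It keeps the classification logic separate from the lookup, and the query results are constructed sample data so it runs offline; the provider hostname patterns (`.digitalocean.com`, `.awsdns-`) and the treatment of REFUSED as "zone not hosted here" are assumptions to verify against the provider's own documentation before relying on them.

```python
"""Dangling (lame) delegation checker: added example, not the page's code.

Models the takeover condition in the quoted tweet: a zone's NS records
still point at a hosted DNS provider, but that provider no longer serves
the zone, so whoever next adds the zone at that provider receives the
traffic. Query answers below are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum


class Rcode(Enum):
    NOERROR = "NOERROR"    # authoritative answer: the zone is served
    REFUSED = "REFUSED"    # server does not host this zone (typical lame answer)
    SERVFAIL = "SERVFAIL"
    NXDOMAIN = "NXDOMAIN"
    TIMEOUT = "TIMEOUT"


# Hosted DNS providers where any customer can add a zone. The hostname
# markers are assumptions for illustration; confirm them with the provider.
HOSTED_PROVIDER_MARKERS = {
    ".digitalocean.com": "DigitalOcean DNS",
    ".awsdns-": "Route53",   # e.g. ns-10.awsdns-01.com
}


@dataclass
class Finding:
    domain: str
    status: str          # "ok", "partial", "dangling" or "unreachable"
    lame_servers: list


def provider_of(ns_host):
    """Return the hosted-provider name for ns_host, or None if self-hosted."""
    host = ns_host.lower().rstrip(".")
    for marker, name in HOSTED_PROVIDER_MARKERS.items():
        if marker in host:
            return name
    return None


def check_delegation(domain, ns_hosts, query):
    """Classify a zone's delegation.

    ns_hosts: the nameservers the parent delegates `domain` to.
    query(ns_host, domain): Rcode that ns_host returns for `SOA domain`
    when asked directly (not through a recursive resolver).
    """
    lame, healthy = [], 0
    for ns in ns_hosts:
        rc = query(ns, domain)
        if rc == Rcode.NOERROR:
            healthy += 1
        elif rc in (Rcode.REFUSED, Rcode.NXDOMAIN, Rcode.SERVFAIL):
            lame.append(ns)
    if healthy == 0 and not lame:          # no NS, or all timed out
        return Finding(domain, "unreachable", [])
    if lame and healthy == 0:
        return Finding(domain, "dangling", lame)
    if lame:
        return Finding(domain, "partial", lame)
    return Finding(domain, "ok", [])


def takeover_exposed(finding):
    """True when no delegated server answers and every failing one sits at a
    hosted provider where a third party could add the zone (the tweet's case)."""
    return finding.status == "dangling" and all(
        provider_of(ns) for ns in finding.lame_servers)


# --- constructed sample data (not real measurements) -------------------
SAMPLE_NS = {
    "shop.example": ["ns1.digitalocean.com", "ns2.digitalocean.com"],
    "blog.example": ["ns-10.awsdns-01.com", "ns-20.awsdns-02.net"],
    "corp.example": ["ns1.corp.example", "ns2.corp.example"],
    "old.example": ["ns1.old.example", "ns2.old.example"],
}
SAMPLE_ANSWERS = {
    ("ns1.digitalocean.com", "shop.example"): Rcode.REFUSED,   # zone deleted at provider
    ("ns2.digitalocean.com", "shop.example"): Rcode.REFUSED,
    ("ns-10.awsdns-01.com", "blog.example"): Rcode.REFUSED,    # one of two servers lame
    ("ns-20.awsdns-02.net", "blog.example"): Rcode.NOERROR,
    ("ns1.corp.example", "corp.example"): Rcode.NOERROR,
    ("ns2.corp.example", "corp.example"): Rcode.NOERROR,
    ("ns1.old.example", "old.example"): Rcode.SERVFAIL,         # lame, but self-hosted
    ("ns2.old.example", "old.example"): Rcode.SERVFAIL,
}


def sample_query(ns, domain):
    return SAMPLE_ANSWERS.get((ns, domain), Rcode.TIMEOUT)


def audit(ns_map, query=sample_query):
    """Run check_delegation over every zone in ns_map."""
    return {d: check_delegation(d, ns, query) for d, ns in ns_map.items()}


if __name__ == "__main__":
    for d, f in audit(SAMPLE_NS).items():
        flag = "  <- exposed to third-party zone creation" if takeover_exposed(f) else ""
        print(f"{d}: {f.status} lame={f.lame_servers}{flag}")
```

In production, replace `sample_query` with a function that sends the SOA query to each nameserver's address directly; going through a recursive resolver would hide the per-server answer that distinguishes a lame delegation from a merely slow one. The "partial" status matters too: a zone with one lame server still works most of the time, which is exactly why these delegations go unnoticed.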
1.5. Brian Krebs
https://twitter.com/briankrebs/status/1087904455922728960
Breaking, exclusive: bomb threat, sextortion spammers abused weakness at GoDaddy that led to hijacking of 5,000+ domains from some of the world's most recognizable companies
https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/ …
11:46 - January 23, 2019
experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers
https://twitter.com/HagAndSquirrel/status/1087909040984854528?s=20
“A lot of the providers are of the opinion that it’s down to a user mistake and not a vulnerability they should have to fix”
1.6. It's Maddening.
https://twitter.com/H0tdish/status/1088148800785604609
Ahhh *screaming*. Worst part is the relative simplicity of this jack (Vulnerable target, motivated offender, lack of active guardians) & the built in *reputational bypass MO* & how long we've known a/b this & how many provider's *still do not see* the need to fix. It's Maddening.
3:57 - January 24, 2019