1. floating_domains

DNS/lame_delegation DNS/Domain hijacking

1.1. 気づき

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html

1.2. Subdomain Takeover

Subdomain Takeover: Going beyond CNAME https://0xpatrik.com/subdomain-takeover-ns/

1.3. Route53 Set Up

/route53

1.4. twitter から

https://twitter.com/CheenaBlog/status/1089116229690904576

2016年に似たような指摘をDigitalOceanが受けていた。

これは一度DigitalOceanのアカウントに自分のドメインを追加してその後に削除して, ネームサーバーを変えないままでいると第三者がそのドメインを自分のアカウントに追加できるということだ。 20:01 - 2019年1月26日

1.5. Brian Krebs

https://twitter.com/briankrebs/status/1087904455922728960

Breaking, exclusive: bomb threat, sextortion spammers abused weakness at GoDaddy that led to hijacking of 5,000+ domains from some of the world's most recognizable companies

https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/

11:46 - 2019年1月23日

experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers

https://twitter.com/HagAndSquirrel/status/1087909040984854528?s=20

“A lot of the providers are of the opinion that it’s down to a user mistake and not a vulnerability they should have to fix”

1.6. It's Maddening.

https://twitter.com/H0tdish/status/1088148800785604609

Ahhh *screaming*. Worst part is the relative simplicity of this jack (Vulnerable target, motivated offender, lack of active guardians) & the built in *reputational bypass MO* & how long we've known a/b this & how many provider's *still do not see* the need to fix. It's Maddening.

3:57 - 2019年1月24日

MoinQ: DNS/脅威/共用ゾーンサービス/floating_domains (last edited 2022-10-22 23:55:30 by ToshinoriMaeno)