Subj : One small tweak gave researchers a powerful web domain ability th To : All From : TechnologyDaily Date : Thu Sep 12 2024 19:30:05 One small tweak gave researchers a powerful web domain ability that could prove incredibly useful for hackers Date: Thu, 12 Sep 2024 18:21:00 +0000 Description: What happens when an important domain expires, and a malicious actor grabs it? FULL STORY ====================================================================== A cybersecurity researcher recently stumbled upon an Internet vulnerability allowing him to track peoples email, run code on servers, and even counterfeit HTTPS certificates - in fact, it gave him so many options, it has been described as having superpowers. The vulnerability is quite a simple one in nature - an expired domain, still being pinged by numerous servers. The domain in question is dotmobiregistry.net - which used to host the WHOIS server for .mobi. A WHOIS server provides information about the registration details of domain names and IP addresses. It is part of the WHOIS protocol, used to query databases that store the ownership and registration information of domain names and network resources on the internet. On the other hand, .mobi was a top-level domain (TLD) specifically designed for websites intended to be accessed via mobile devices. It was launched in 2006, and designed to ensure that websites hosted under this domain are optimized for mobile viewing. Moving the WHOIS server At some point, and no one seems to know when or why, the WHOIS server was moved from whois.dotmobiregistry.net, to whois.nic.mobi. When the CEO and founder of security firm watchTowr, Benjamin Harris, discovered this, he purchased the domain and used it to set up an alternate .mobi WHOIS server. Over the next couple of days, Harris doppelganger received millions of queries from hundreds of thousands of systems, including domain registrars , governments, universities, and others. This allowed him, for example, to dictate who gets TLS certificates. Now that we have the ability to issue a TLS/SSL cert for a .mobi domain, we can, in theory, do all sorts of horrible thingsranging from intercepting traffic to impersonating the target server, Harris said in a technical write-up. Its game over for all sorts of threat models at this point. While we are sure some may say we didnt prove we could obtain the certificate, we feel this wouldve been a step too farso whatever. Via Ars Technica More from TechRadar Pro US Authorities Issue RansomHub Ransomware Alert Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/one-small-tweak-gave-researchers-a-powe rful-web-domain-ability-that-could-prove-incredibly-useful-for-hackers --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .