Researchers detail gaining the ability to generate counterfeit HTTPS certificates and more after buying an expired WHOIS server domain for the .mobi TLD for $20
.mobi top-level-domain managers changed the location of its WHOIS server. No one got the memo.
Ars Technica · Dan Goodin
Related Coverage
- We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI watchTowr Labs · Benjamin Harris
- Hackers break .mobi after Whois domain expires Domain Incite · Kevin Murphy
- How $20 and a lapsed domain allowed security pros to undermine internet integrity The Register · Jessica Lyons
- TLS security subverted due to CA use of outdated WHOIS servers CSO · Lucian Constantin
- A Lapsed Domain Can Destroy Secure Internet Comms, Researchers Metacurity · Cynthia B Brumfield
- Wow. This was a /read/. So much work still to be done on basic internet infrastructure. — Exploits using WHOIS: https://labs.watchtowr.com/... @listrophy@ruby.social · Brad Grzesiak
- “We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI” — Great read, thanks a lot. — You should also read this — https://labs.watchtowr.com/... @mcfly@milliways.social
- #infosec not sure whether to make popcorn or cry https://labs.watchtowr.com/... @zwol@hackers.town · Zack Weinberg
- “The results have been fairly stunning since - we have identified 135000+ unique systems speaking to us, and as of 4th September 2024 we had 2.5 million queries. A brief analysis of the results showed queries from (but certainly not limited to): … @Xavier@infosec.exchange
- Old assumptions get built into old code. — When the old assumptions are found lacking, the old code does not get fixed. — https://arstechnica.com/... https://www.troyhunt.com/... @SpaceLifeForm@infosec.exchange
- Great research from @watchtowrcyber on the dangers of expired domain names, happy to support by sinkholing. — Check out their writeup on .mobi at: https://labs.watchtowr.com/... Events reported from 2024-09-11 in our free daily event4_sinkhole network reports ( https://shadowserver.org/... as: … @shadowserver@infosec.exchange
- It's not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. But that's exactly what happened recently to Benjamin Harris. … @dangoodin@infosec.exchange · Dan Goodin
- Fun read. But if a lot of WHOIS server addresses are hardcoded, that is going to be an issue when registrars and registries shut down their WHOIS servers on January 25th, 2025. … Theo Geurts
- We spent $20 to achieve RCE and accidentally became the admins of .mobi Hacker News
- We spent $20 to achieve RCE and accidentally became the admins of .MOBI Lobsters
- Rogue WHOIS server gives researcher superpowers no one should ever have Ars OpenForum
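The failure mode running through the coverage above, CAs and WHOIS clients querying a hardcoded server name that the .mobi registry had long since moved away from, has a direct mitigation: ask IANA which server is authoritative for the TLD at query time instead of trusting a baked-in hostname, and audit any existing hardcoded table against that answer. The following is an added Python example, not code from the Ars Technica article or from watchTowr Labs. It assumes only that whois.iana.org answers RFC 3912 WHOIS on TCP port 43 and returns a "whois:" field in its TLD records; the sample IANA response, the placeholder TLDs and every hostname in the sample table are constructed, not the real .mobi servers.

```python
"""Resolve a TLD's authoritative WHOIS server through IANA referral and audit
a hardcoded server table against it.

Added example, not code from the article or from watchTowr Labs.  Assumes
only that whois.iana.org speaks RFC 3912 WHOIS on TCP/43 and returns a
"whois:" field in its TLD records.  All hostnames in the sample data below
are constructed placeholders, not the real .mobi servers.
"""
import socket
from typing import Callable, Dict, List, Optional

IANA_WHOIS = "whois.iana.org"
WHOIS_PORT = 43


def whois_query(server: str, query: str, timeout: float = 10.0) -> str:
    """Minimal RFC 3912 client: send the query terminated by CRLF and read
    until the server closes the connection."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_iana_referral(response: str) -> Optional[str]:
    """Return the normalised hostname from the 'whois:' field of an IANA TLD
    record, or None when the record carries no referral."""
    for raw in response.splitlines():
        line = raw.strip()
        if not line or line.startswith("%"):
            continue  # blank lines and % comments
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "whois":
            host = value.strip().lower().rstrip(".")
            return host or None
    return None


def authoritative_whois_server(tld: str) -> Optional[str]:
    """Live lookup: ask IANA which server is authoritative for `tld`."""
    return parse_iana_referral(whois_query(IANA_WHOIS, tld.strip(".").lower()))


def audit_cache(cache: Dict[str, str],
                fetch: Callable[[str], Optional[str]] = authoritative_whois_server) -> List[dict]:
    """Compare every cached/hardcoded server against the current IANA referral.
    `fetch` is injectable so the audit can run against captured responses."""
    findings = []
    for tld, cached in cache.items():
        current = fetch(tld)
        cached_norm = cached.strip().lower().rstrip(".")
        findings.append({
            "tld": tld,
            "cached": cached_norm,
            "current": current,
            # A stale entry is exactly the condition that lets a lapsed hostname
            # be re-registered and answered by someone else.
            "stale": current is not None and current != cached_norm,
        })
    return findings


# Constructed IANA-style record for a placeholder TLD (not a real response).
SAMPLE_IANA_RESPONSE = """\
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

domain:       EXAMPLE

organisation: Example Registry (placeholder)

whois:        whois.nic.example.

status:       ACTIVE
"""

# Constructed table standing in for a hardcoded server list in a WHOIS client.
SAMPLE_CACHE = {
    "example": "whois.old-registry.example",   # registry moved; flagged stale
    "example2": "WHOIS.NIC.EXAMPLE.",          # same host, different spelling
}


def sample_audit() -> List[dict]:
    """Run the audit offline against the constructed record."""
    return audit_cache(SAMPLE_CACHE,
                       fetch=lambda tld: parse_iana_referral(SAMPLE_IANA_RESPONSE))


if __name__ == "__main__":
    import sys
    for finding in sample_audit():
        print(finding)
    for tld in sys.argv[1:]:            # optional live lookups, e.g. "com"
        print(tld, "->", authoritative_whois_server(tld))
```

Following the referral instead of a table means a registry's move shows up at the next query rather than at the next client release. Cache the answer only briefly, and treat a referral that disappears as an error to surface, not as permission to fall back to the old hostname.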
Discussion
- ALL YOUR CERTS ARE BELONG TO US — https://labs.watchtowr.com/... @Cdespinosa@mastodon.social · Chris Espinosa
- “For anyone that has ever worked in offensive security, you occasionally get a sinking feeling where you realize something may be a little larger than expected, and you begin to wonder.. ‘what have we broken?’.” https://labs.watchtowr.com/... @rooneymcnibnug@mastodon.social
- This is one of the best security writeups I've seen - https://labs.watchtowr.com/... @standalonesa · Matt Simmons (X)
- In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... https://labs.watchtowr.com/... @watchtowrcyber (X)
- Rogue WHOIS server gives researcher superpowers no one should ever have r/cybersecurity
- Rogue WHOIS server gives researcher superpowers no one should ever have r/technews
- Rogue WHOIS server gives researcher superpowers no one should ever have r/technology