[dns-operations] More detail on the EA/Origin "subdomain hijack"?

Daniel Stirnimann daniel.stirnimann at switch.ch
Thu Jun 27 07:00:44 UTC 2019


I did a little research on this in 2017 [1]. I have not seen any cloud provider trying to prevent this kind of attack. In my experience, AWS is better than most others as they add a 10-digit random number to your hostname. However, if you delegate something to AWS and forget to remove your delegation after its use, then it is easy to reclaim that delegation by a third party. Here is a nice one from Azure: mybrowser.microsoft.com

Daniel

[1] https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/

________________________________________
From: dns-operations [dns-operations-bounces at dns-oarc.net] on behalf of Viktor Dukhovni [ietf-dane at dukhovni.org]
Sent: Thursday, 27 June 2019 02:11
To: dns-operations at dns-oarc.net
Subject: [dns-operations] More detail on the EA/Origin "subdomain hijack"?

Anyone have more detail on:

    https://arstechnica.com/information-technology/2019/06/security-firms-demonstrate-subdomain-hijack-exploit-vs-eaorigin/

It seems that it may be possible, with some cloud providers, for a
new customer to request to use the same cloud DNS name as a previous
customer?  If so, why?

--
        Viktor.
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
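
An added example, not part of either message in this thread: one way to catch the forgotten delegation described in the reply above is to reconcile the zone's CNAME and NS records that point into cloud-provider namespaces against an inventory of the resources you still own. The suffix list, zone data, inventory and function names are assumptions constructed for illustration.

```python
# Added example: flag CNAME/NS records that hand a name to a cloud
# provider resource which is no longer in the owner's inventory.
# The suffix list is illustrative (an assumption), not exhaustive.
CLOUD_SUFFIXES = (
    ".amazonaws.com", ".cloudfront.net", ".elasticbeanstalk.com",
    ".azurewebsites.net", ".cloudapp.net", ".trafficmanager.net",
)

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_zone(text):
    """Yield (owner, type, target) for CNAME and NS records written as
    'owner [ttl] [IN] type target' (one record per line)."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # strip ';' comments
        for rtype in ("CNAME", "NS"):
            if rtype in fields[1:-1]:
                yield norm(fields[0]), rtype, norm(fields[-1])

def is_cloud(target):
    # Route 53 name servers look like ns-<n>.awsdns-<n>.<tld>
    return target.endswith(CLOUD_SUFFIXES) or ".awsdns-" in target

def find_dangling(zone_text, owned):
    """Return records whose cloud target is not a resource we still own."""
    owned = {norm(o) for o in owned}
    return [rec for rec in parse_zone(zone_text)
            if is_cloud(rec[2]) and rec[2] not in owned]

# Constructed sample zone and inventory (not real data).
SAMPLE_ZONE = """\
www.example.com.    300 IN CNAME d111111abcdef8.cloudfront.net.
promo.example.com.  300 IN CNAME promo-2017.azurewebsites.net.
dev.example.com.    300 IN NS    ns-512.awsdns-00.net.
old.example.com.    300 IN NS    ns-1234.awsdns-11.org.
mail.example.com.   300 IN CNAME mail.example.net.
"""
OWNED = {"d111111abcdef8.cloudfront.net", "ns-512.awsdns-00.net"}

if __name__ == "__main__":
    for owner, rtype, target in find_dangling(SAMPLE_ZONE, OWNED):
        print(f"DANGLING {owner} {rtype} {target}")
```

Comparing against an inventory rather than probing for NXDOMAIN also catches the case where the released name has already been registered by someone else and therefore resolves normally.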