this post was submitted on 20 Sep 2024
Ars Technica - All Content

Vector, 3 months ago

Specifically, watchTowr researchers were able to receive a verification link for any domain ending in .mobi, including ones they didn’t own. The researchers did this by deploying a fake WHOIS server and populating it with fake records. Creation of the fake server was possible because dotmobiregistry.net—the previous domain hosting the WHOIS server for .mobi domains—was allowed to expire after the server was relocated to a new domain. watchTowr researchers registered the domain, set up the imposter WHOIS server, and found that CAs continued to rely on it to verify ownership of .mobi domains.

So, it was a takeover attack for a TLD registry that wasn’t properly retired…