this post was submitted on 20 Sep 2024
6 points (100.0% liked)

Ars Technica - All Content

91 readers
5 users here now

All Ars Technica stories

founded 5 months ago
MODERATORS
top 1 comments
sorted by: hot top controversial new old
[–] Vector 2 points 3 months ago

Specifically, watchTowr researchers were able to receive a verification link for any domain ending in .mobi, including ones they didn’t own. The researchers did this by deploying a fake WHOIS server and populating it with fake records. Creation of the fake server was possible because dotmobiregistry.net—the previous domain hosting the WHOIS server for .mobi domains—was allowed to expire after the server was relocated to a new domain. watchTowr researchers registered the domain, set up the imposter WHOIS server, and found that CAs continued to rely on it to verify ownership of .mobi domains.

So, it was a takeover attack for a TLD registry that wasn’t properly retired…