## page was renamed from DNS/floating_domains
= floating_domains =

[[DNS/lame_delegation]] [[DNS/Domain hijacking]]

== Observations ==
Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html

Does "floating" here mean "adrift"? (Because it's DigitalOcean.)

[[DNS/hijacking/thehackerblog/Floating Domains]]

== Subdomain Takeover ==
Subdomain Takeover: Going beyond CNAME

https://0xpatrik.com/subdomain-takeover-ns/

== Route53 Set Up ==
[[/route53]]

== From Twitter ==
https://twitter.com/CheenaBlog/status/1089116229690904576

DigitalOcean received a similar report in 2016. The issue is that if you add your own domain to a DigitalOcean account, later delete it, and leave the name servers unchanged, a third party can add that domain to their own account.

20:01 - January 26, 2019

== Brian Krebs ==
https://twitter.com/briankrebs/status/1087904455922728960

Breaking, exclusive: bomb threat, sextortion spammers abused weakness at GoDaddy that led to hijacking of 5,000+ domains from some of the world's most recognizable companies https://krebsonsecurity.com/2019/01/bomb-threat-sextortion-spammers-abused-weakness-at-godaddy-com/ …

11:46 - January 23, 2019

{{{
experts warn this same weakness that let spammers hijack domains tied to GoDaddy
also affects a great many other major Internet service providers
}}}

https://twitter.com/HagAndSquirrel/status/1087909040984854528?s=20

“A lot of the providers are of the opinion that it’s down to a user mistake and not a vulnerability they should have to fix”

== It's Maddening. ==
https://twitter.com/H0tdish/status/1088148800785604609

Ahhh *screaming*. Worst part is the relative simplicity of this jack (Vulnerable target, motivated offender, lack of active guardians) & the built in *reputational bypass MO* & how long we've known a/b this & how many providers *still do not see* the need to fix. It's Maddening.

3:57 - January 24, 2019