ICANN Email List Archives

[dssa]



[dssa] Interesting article -- probably out of scope for us, but FYI

  • To: dssa@xxxxxxxxx
  • Subject: [dssa] Interesting article -- probably out of scope for us, but FYI
  • From: "Mike O'Connor" <mike@xxxxxxxxxx>
  • Date: Tue, 13 Sep 2011 07:30:57 -0500

hi all,

i thought some of you (being that we're a gaggle of security type people) might 
be interested in this article about typosquatting domain names as a way to 
passively harvest sensitive email.

        
http://arstechnica.com/business/news/2011/09/researchers-typosquatting-snarfed-20gb-worth-of-fortune-500-e-mails.ars

given that we're testing our "scope" rules this week, i thought i'd also use 
this as a test case.  i would think that the general use-case of this would be 
out of scope (malicious use of a domain name).  but it would be in scope if it 
were used as an attack vector on a registry or registrar.  right?

so does that mean that we should build a section of our report that collects 
these attack-vectors for possible inclusion in a "best practices" section?

food for thought, low priority.

mikey

PS -- i have the corp.com domain, which started getting masses of this kind of 
email as soon as i registered it in the mid-'90s.  i didn't realize it until i 
wildcarded the MX for the domain one day and immediately crashed my server.  
for example, somebody would mis-address mail to HRDept@xxxxxxxxxxxx rather than 
the correct HRDept@xxxxxxxxxxxx.  so there are other variants of this 
vulnerability and perhaps an opportunity for somebody to do a great good deed 
by educating folks about this.  btw, i immediately dropped the MX record out of 
that domain…  :-)

- - - - - - - - -
phone   651-647-6109  
fax             866-280-2356  
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)




