MarkMonitor, a domain registrar, had left over 60,000 parked domains susceptible to domain hijacking.MarkMonitor, now part of Clarivate, is a domain management firm that assists in establishing and protecting the online presence of the world's biggest brands - and the billions who use them. The parked domains were found referring to non-existent Amazon S3 bucket addresses, indicating a domain takeover vulnerability. Ian Carroll, a security engineer, and bug bounty hunter, saw his automation script flag hundreds of domains belonging to various businesses as exposed to domain hijacking earlier this week. After that, Carroll was joined by Nagli and d0xing, who assisted the engineer in tracing the origin of the security flaw. MarkMonitor was the registrar for all of the domains. A (sub)domain takeover arises when an unauthorized actor is permitted to deliver the content of their preference on a domain that they do not own or control. This can happen, for instance, if the domain name contains a canonical name (CNAME) DNS entry pointing to a host that doesn't provide any content for it. This generally occurs when the website hasn't been launched yet, or when the virtual host has been withdrawn from a hosting provider, but the domain's DNS records still link to the host. Carroll explained, "If testing.example.com is pointed towards Amazon S3, what will S3 do if that bucket hasn't been created yet? It will just throw a 404 error—and wait for someone to claim it. If we claim this domain inside S3 before example.com's owners do, then we can claim the right to use it with S3 and upload anything we want." The issue affected over 60,000 domains, lasted less than an hour< ..
Support the originator by clicking the read the rest link below.
