Embarrassing glitch with .mobi





Post by Research » Thu 19. Sep 2024, 20:24

By changing the WHOIS domain, it was possible to give hackers access to sensitive data.

The .mobi registry Identity Digital Limited has made a rookie mistake with considerable potential for damage. Hackers from WatchTowr had noticed that the domain for the .mobi WHOIS server had changed from whois.dotmobiregistry.net to whois.nic.mobi. The now unused domain dotmobiregistry.net had been allowed to expire by the registry in December 2023, so the hackers snapped it up for US$ 20. On Friday, August 30, 2024, they then set up a WHOIS server at whois.dotmobiregistry.net to see if there were any requests. The result was astonishing from the hackers' point of view: by September 4, 2024, there had been 2.5 million requests, including from various mail servers under .gov and .mil. Above all, however, it was discovered that numerous certification authorities responsible for issuing TLS/SSL certificates for domains such as google.mobi and microsoft.mobi were using the WHOIS server via the “Domain Email Validation” mechanism to determine the owners of a domain and where to send the verification data. “Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” said the hackers. Anyone letting a domain expire should therefore be really sure that they no longer need it.

You can find more information about the .mobi breakdown at:
https://labs.watchtowr.com/we-spent-20- ... s-of-mobi/
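A defender-side check for the failure described in the post above, as an added example that is not part of the original post or of the linked research: it compares a client's hardcoded WHOIS server table against the server named in the registry's record and reports stale entries. The record text, the table and all function names are constructed for illustration, and the record layout is assumed to follow IANA's `key: value` format.

```python
from __future__ import annotations
import socket

# Constructed sample, modeled on the "key: value" layout of an IANA TLD record.
SAMPLE_IANA_RECORD = """\
% IANA WHOIS server
refer:        whois.nic.mobi
domain:       MOBI
whois:        whois.nic.mobi
"""

# Constructed client-side table of the kind baked into WHOIS tools and libraries.
HARDCODED_SERVERS = {"mobi": "whois.dotmobiregistry.net"}


def authoritative_server(record: str) -> str | None:
    """Return the WHOIS host named in a registry record ('whois:' wins over 'refer:')."""
    fields = {}
    for line in record.splitlines():
        if line.startswith("%") or ":" not in line:
            continue  # skip comment lines and blank lines
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip().lower().rstrip("."))
    return fields.get("whois") or fields.get("refer") or None


def fetch_iana_record(tld: str, timeout: float = 10.0) -> str:
    """Live lookup over WHOIS (TCP port 43) at whois.iana.org; not used by the sample run."""
    with socket.create_connection(("whois.iana.org", 43), timeout=timeout) as s:
        s.sendall(tld.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def audit(table: dict[str, str], records: dict[str, str]) -> list[tuple]:
    """Return (tld, configured, authoritative) for every entry that disagrees with the registry."""
    findings = []
    for tld, configured in sorted(table.items()):
        current = authoritative_server(records.get(tld, ""))
        if current != configured.lower().rstrip("."):
            findings.append((tld, configured, current))
    return findings


if __name__ == "__main__":
    for tld, old, new in audit(HARDCODED_SERVERS, {"mobi": SAMPLE_IANA_RECORD}):
        print(f".{tld}: configured {old!r}, registry says {new!r}")
```

A TLD with no record available is reported with `None` as the authoritative value, so a missing answer is surfaced as a finding instead of being treated as a match.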
