A Worrying Story about .io and DNS Servers...

Discussion in 'Domains and SSL Certificates' started by cheat_master30, Jul 10, 2017.

  1. cheat_master30

    cheat_master30 Moderator

    3,727
    882
    +884
    Basically, as this guy online found out, at least four of the domain names for the .io domain extension's DNS servers weren't registered:

    https://thehackerblog.com/the-io-er...-all-io-domains-with-a-targeted-registration/

    This meant that by registering them, he could have redirected every single domain with the .io extension, or used them to do things like serve malware.

    So yeah, be careful when it comes to domains and less well known domain extensions. Because as it turns out, a few of don't protect the domains used for their DNS servers anywhere near well enough, and that could lead to horrific consequences if attackers register them for their own purposes.
     
    • Informative! Informative! x 5
    • Like Like x 1
    • List
  2. Paul M

    Paul M Dr Pepper Addict

    3,041
    1,097
    +1,257
    Ooops.

    I wonder how log it would have taken them to notice, had he not contacted the registry.
     
    • Also Wondering! Also Wondering! x 1
    • List
Verification:
Draft saved Draft deleted