Category Archives: domain privacy

Researcher finds 670 Microsoft subdomains vulnerable to takeover

Years after it was first identified as a possibility, researchers have found it’s still child’s play to hijack subdomains from companies such as Microsoft to use in phishing and malware attacks.

Researchers at Vullnerability.com were able to grab more than 670 subdomains that had previously been used by Microsoft but subsequently forgotten about, including:

  • identityhelp.microsoft.com
  • mybrowser.microsoft.com
  • web.visualstudio.com / webeditor.visualstudio.com
  • data.teams.microsoft.com
  • sxt.cdn.skype.com
  • download.collaborate.microsoft.com
  • incidentgraph.microsoft.com
  • admin.recognition.microsoft.com

And many others, all of which look like the sort of legitimate subdomains that users (including Microsoft employees) would be inclined to trust if lured to them by a phishing attack.

Read more in

Hostile Subdomain Takeover using Heroku/Github/Desk + more

Hackers can claim subdomains with the help of external services. This attack is practically non-traceable and affects at least 17 large service providers, and multiple domains are affected. Find out if you are one of them by using our quick tool, or go through your DNS entries and remove all that are active and unused or pointing to external services which you do not use anymore.

http://labsdetectify.wpengine.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
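The DNS clean-up recommended in the excerpt above, as an added example (not code from Detectify or from this blog): it reads a zone export and lists CNAME records that point at an external service but are missing from an inventory of resources still in use. The zone data, the inventory and the suffix list (the three services named in the post title) are constructed assumptions.

```python
# Suffixes for the external services named in the post title (assumed list;
# add every provider your organisation has ever pointed a record at).
EXTERNAL_SUFFIXES = {
    "herokuapp.com": "Heroku",
    "github.io": "GitHub Pages",
    "desk.com": "Desk",
}

def parse_cnames(zone_text):
    """Return (name, target) for each 'name [ttl] [IN] CNAME target' line."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop zone-file comments
        upper = [f.upper() for f in fields]
        if "CNAME" not in upper:
            continue
        i = upper.index("CNAME")
        if i == 0 or i + 1 >= len(fields):
            continue                               # no owner name or no target
        records.append((fields[0].rstrip(".").lower(),
                        fields[i + 1].rstrip(".").lower()))
    return records

def provider_for(target):
    """Name of the external service a CNAME target belongs to, or None."""
    for suffix, provider in EXTERNAL_SUFFIXES.items():
        if target == suffix or target.endswith("." + suffix):
            return provider
    return None

def unclaimed_external_cnames(zone_text, in_use):
    """CNAMEs to external services whose target is not a resource we still own."""
    in_use = {t.rstrip(".").lower() for t in in_use}
    findings = []
    for name, target in parse_cnames(zone_text):
        provider = provider_for(target)
        if provider and target not in in_use:
            findings.append((name, target, provider))
    return findings

# Constructed zone export and inventory for the placeholder domain example.com.
ZONE = """\
; constructed zone export
www.example.com.      3600 IN CNAME example-prod.herokuapp.com.
promo.example.com.    3600 IN CNAME example-promo-2014.herokuapp.com.
docs.example.com.     300  IN CNAME example.github.io.
support.example.com.  IN CNAME example.desk.com.
mail.example.com.     3600 IN A     192.0.2.10
"""
IN_USE = {"example-prod.herokuapp.com", "example.github.io"}
```

Each record returned by `unclaimed_external_cnames(ZONE, IN_USE)` is a candidate for removal from the zone, or for re-claiming the resource at the provider.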


CyberSecurity: Security Importance of etc host file

You might be surprised to know how critical the etc hosts file can be. I learned the importance of it and thought about sharing some of the details.

Use of etc Host File

We are all familiar with the hosts file and the information in it. Its most basic use is to map a hostname to an IP address, such as localhost to 127.0.0.1. There are other uses as well; let’s understand them through an example.

Let’s see how things work when you type google.com into any web browser.

We know that the browser, as a client, makes a DNS request. In reality, though, the operating system (OS) checks the hosts file for an entry first, before making a DNS request to resolve the IP address of the domain. If a matching entry is found in the local hosts file, the OS uses that local entry. The OS then uses ARP (Address Resolution Protocol) to find the destination MAC (media access control), or physical, address.

The OS then begins a handshake with the destination host over TCP/IP and starts sending the data. I will explain data packets and the OSI model in other posts; for now, the focus is just the hosts file.

Security Aspect of etc Host File

Used by Hackers: Hackers use this file when they wish to redirect an application’s traffic to a proxy server. They set up the proxy server before they modify the hosts file. This technique is called active network traffic capturing. Basically, hackers get all the network traffic from your server or machine. It helps them run an analysis and gain insight into the application. They can even decode the actual application logs. And server network traffic helps hackers a lot in breaking the application further.

Used by Anti-virus & Security Products: Some antivirus and security products track changes to the system’s hosts file, because changes are a sign of malware. You might need to disable the product’s protection if you want to change the hosts file.

Note: A suggestion would be to have proper privileges set on the hosts file.
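A review of the hosts file along the lines described above, as an added example (not code from the original post): it lists every entry that overrides DNS for a name outside an expected baseline and checks whether the file can be modified by non-owners. The sample content, the baseline names and the approved list are constructed assumptions.

```python
import ipaddress
import os
import stat

# Loopback names every hosts file is expected to carry (assumed baseline).
EXPECTED = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (ip, hostname) for each mapping; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()

def audit_hosts(text, approved=frozenset()):
    """Return (kind, hostname, ip) for every entry that overrides DNS without approval."""
    findings = []
    for ip, name in parse_hosts(text):
        if (name in EXPECTED and ip.is_loopback) or (str(ip), name) in approved:
            continue
        # Loopback/0.0.0.0 makes the name unreachable; any other IP sends traffic elsewhere.
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((kind, name, str(ip)))
    return findings

def writable_by_others(path):
    """True if group or other users can modify the file (POSIX permission bits only)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample content, not taken from a real machine.
SAMPLE = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
10.0.0.5     build.internal.example   # entry the administrators added on purpose
203.0.113.7  login.example.com
0.0.0.0      updates.example.net
"""
APPROVED = {("10.0.0.5", "build.internal.example")}

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, APPROVED):
        print(finding)
    if os.path.exists("/etc/hosts"):
        print("/etc/hosts writable by group/other:", writable_by_others("/etc/hosts"))
```

On Windows the permission check does not reflect NTFS ACLs, so review the ACL on the hosts file there separately.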

CyberSecurity: The privacy policy of Godaddy.com

We all know Godaddy.com, and many of us have used it before, but I am not sure we notice its privacy policy. A privacy policy is something companies always ask you to accept, but you don’t have the choice to say no. However, this privacy policy is different.

Godaddy.com’s policy suggests that you can register a domain name, but with no guarantee that your private information will be kept safe. You could get spam and scams if you don’t pay an extra amount to safeguard your own profile. To see it in Godaddy.com’s own language, check out the snapshot below.

Did you see that? It is interesting that this is a situation where a company asks users to pay more for their privacy. We have been thinking that it is the company’s or service provider’s responsibility to take care of its users’ details and their privacy. But it appears to me that Godaddy thinks differently. There might be a good reason for this policy, but as a user, it is not comforting.

Imagine a case where Facebook, Google or Apple starts putting a price on users’ privacy and says: look, it is the responsibility of the users to use our services, and the user has to pay extra to protect themselves from any damage. Security and privacy aren’t free and can’t be given as a free service. The question is: is that what we are going to get as users? Currently, no organization or entity has been held liable or punished for any damage. Software providers should be equally responsible for it.

Why it is important?

There is the WHOIS database, where you can get information on every domain. In general, that is the starting point for hackers to gather information about your service, domain, servers, etc. More importantly, the WHOIS database provides every piece of information about the person who owns the domain if that person hasn’t paid extra to the domain provider.

WHOIS link to check information about any domain: https://ca.godaddy.com/whois

godaddy privacy policy
When you search for a domain and add the selected domain to the cart, Godaddy.com shows its privacy policy to the user on the checkout page.

Final Thought

Protecting user privacy and preventing any damage should be the first objective of any service provider. There may be cases where domain owner information needs to be given to a third party or authority. But that does not mean that anyone is authorized to access domain and domain owner information.