basic auth request

Eli the Bearded * at eli.users.panix.com
Wed Aug 25 13:41:41 EDT 2021


In comp.lang.python, Jon Ribbens  <jon+usenet at unequivocal.eu> wrote:
> Another attempt at combatting this problem is DNS CAA records,
> which are a way of politely asking all CAs in the world except the
> ones you choose "please don't issue a certificate for my domain".
> By definition someone who had hacked a CA would pay no attention
> to that request, of course.

Yeah, but it works for the case of forgotten hostnames, a rare but
real attack. Basically it works like this:

$COMPANY puts out a lot of things on different IP addresses from
a shared public(ish) pool like AWS and assigns different names
to them. Later $COMPANY discontinues one or more of those things,
terminates the host, and lets the IP address rejoin the public(ish)
pool.

$ATTACKER notices the domain name pointing to an unused IP address
and works to acquire it for their own server. $ATTACKER then gets
a cert for that domain, since they can easily prove ownership of
the server through http content challenges. $ATTACKER now has a
host in $COMPANY's name to launch phishing attacks.

This probably has some clever infosec name that I don't know.

Elijah
------
or a clever infosec name now forgotten
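
An added illustration, not part of the original post: a defender-side audit for the forgotten-hostname case described above. It flags A records that point at addresses no longer in the company's inventory and reports which CAA record set applies to each name, using a simplified version of the climb-toward-the-root lookup from RFC 8659. The zone contents, the inventory list and the function names are constructed for this example.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real hosts).
ZONE = {
    "www.example.com": {"A": ["203.0.113.10"]},
    "old-promo.example.com": {"A": ["203.0.113.77"]},   # host was terminated
    "api.shop.example.com": {"A": ["198.51.100.5"]},
    "shop.example.com": {"CAA": ['0 issue "ca.example.net"']},
    "example.com": {"CAA": ['0 issue ";"']},            # ";" = no CA may issue
}
# Addresses the company still holds according to its cloud inventory.
OWNED = ["203.0.113.10/32", "198.51.100.0/28"]


def relevant_caa(name, zone):
    """Climb from name toward the root; the first CAA set found applies."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        caa = zone.get(candidate, {}).get("CAA")
        if caa:
            return candidate, caa
    return None, []


def audit(zone, owned):
    """Return one finding per A record whose address is not in inventory."""
    nets = [ipaddress.ip_network(n) for n in owned]
    findings = []
    for name, rrsets in sorted(zone.items()):
        for addr in rrsets.get("A", []):
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in nets):
                continue  # still ours, nothing to report
            caa_from, caa = relevant_caa(name, zone)
            findings.append({"name": name, "address": addr,
                             "caa_from": caa_from, "caa": caa})
    return findings


if __name__ == "__main__":
    for f in audit(ZONE, OWNED):
        print(f"DANGLING {f['name']} -> {f['address']} "
              f"(CAA from {f['caa_from']}: {f['caa']})")
```

Each finding is a name to delete or repoint before the address is reassigned from the pool.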


