basic auth request

Barry barry at barrys-emacs.org
Wed Aug 25 19:09:30 EDT 2021



> On 25 Aug 2021, at 20:34, Eli the Bearded <*@eli.users.panix.com> wrote:
> 
> In comp.lang.python, Jon Ribbens  <jon+usenet at unequivocal.eu> wrote:
>> Another attempt at combatting this problem is DNS CAA records,
>> which are a way of politely asking all CAs in the world except the
>> ones you choose "please don't issue a certificate for my domain".
>> By definition someone who had hacked a CA would pay no attention
>> to that request, of course.
> 
> Yeah, but it works for the case of forgotten hostnames, a rare but
> real attack. Basically it works like this:
> 
> $COMPANY puts out a lot of things on different IP addresses from
> a shared public(ish) pool like AWS and assigns different names
> to them. Later $COMPANY discontinues one or more of those things,
> terminates the host, and lets the IP address rejoin the public(ish)
> pool.
> 
> $ATTACKER notices the domain name pointing to an unused IP address
> and works to acquire it for their own server. $ATTACKER then gets
> a cert for that domain, since they can easily prove ownership of
> the server through http content challenges. $ATTACKER now has a
> host in $COMPANY's name to launch phishing attacks.
> 
> This probably has some clever infosec name that I don't know.

It is possible to sign an IP address in a certificate, but that is not often done.
Getting to reuse the IP address that example.com was using will not help
the attacker unless they can make a cert that signs the DNS name.
And that means they hacked the CA, which is a big problem.

Barry



> 
> Elijah
> ------
> or a clever infosec name now forgotten
> 
> -- 
> https://mail.python.org/mailman/listinfo/python-list
> 
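A defender-side audit for the forgotten-hostname case described in the quoted message, as an added example that is not part of the original thread: it flags A/AAAA records whose address is no longer in the organisation's own inventory. The zone records, owned ranges and the function name `find_dangling` are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the original thread): a zone export and
# the address ranges the organisation currently holds.
ZONE_RECORDS = [
    ("www.example.com", "A", "203.0.113.10"),
    ("old-promo.example.com", "A", "198.51.100.77"),  # host was terminated
    ("api.example.com", "A", "203.0.113.25"),
    ("docs.example.com", "CNAME", "www.example.com"),
    ("legacy.example.com", "AAAA", "2001:db8:dead::5"),
    ("broken.example.com", "A", "not-an-ip"),
]
OWNED_NETWORKS = ["203.0.113.0/27", "2001:db8:1::/48"]


def find_dangling(records, owned_networks):
    """Return (name, value, reason) for address records outside owned space."""
    owned = [ipaddress.ip_network(n) for n in owned_networks]
    findings = []
    for name, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue  # CNAME targets need a separate check of what they point at
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            # A malformed record is reported rather than silently skipped.
            findings.append((name, value, "unparseable address"))
            continue
        in_inventory = any(
            addr.version == net.version and addr in net for net in owned
        )
        if not in_inventory:
            findings.append((name, value, "address not in owned inventory"))
    return findings


if __name__ == "__main__":
    for name, value, reason in find_dangling(ZONE_RECORDS, OWNED_NETWORKS):
        print(f"{name}\t{value}\t{reason}")
```

Names it reports are candidates for deleting the DNS record or re-pointing it at an address the organisation still controls.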


