The Register: How $20 and a lapsed domain allowed security pros to undermine internet integrity

Source URL: https://www.theregister.com/2024/09/11/watchtowr_black_hat_whois/
Source: The Register
Title: How $20 and a lapsed domain allowed security pros to undermine internet integrity

Feedly Summary: What happens at Black Hat…
While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol. They claim to have found a way to undermine certificate authorities, which the world trusts to keep the internet safe by verifying the identity of websites.…

AI Summary and Description: Yes

Summary: The text discusses significant vulnerabilities within the WHOIS protocol and its implications for internet security, particularly concerning certificate authorities (CAs). Researchers from watchTowr Labs found that an expired domain could have been exploited by malicious entities, emphasizing the need for a reevaluation of trust in internet protocols and the proper management of infrastructure.

Detailed Description:
– **Vulnerability Discovery**: Researchers from watchTowr Labs explored weaknesses in the WHOIS protocol during the Black Hat conference, highlighting potential exploit avenues for malicious actors.
– **Expired Domain Exploit**:
  – watchTowr acquired an expired domain that WHOIS clients still referenced, which could just as easily have been taken over by hostile entities (e.g., nation-states).
  – They stood up a new WHOIS server on the old domain, revealing that many systems still queried outdated WHOIS server hostnames.
– **Impact of Findings**:
  – Over 135,000 unique systems queried the new WHOIS server, generating more than 2.5 million queries, including ones from security and government entities.
  – The expired domain posed a risk because its responses could have been manipulated to intercept communications and undermine trust in certificate authorities.
– **Certificate Authority Risks**:
  – Manipulating WHOIS responses provided a route to acquiring TLS/SSL certificates for prominent domains such as google.mobi and microsoft.mobi, which could enable traffic interception or malware distribution under the guise of legitimate services.
  – Existing vulnerabilities in client software that parses responses from these WHOIS servers could also be exploited by attackers.
– **Long-standing Issues**:
  – The researchers pointed out that the problems extend beyond the immediate vulnerability to fundamental trust issues with certificate authorities and internet protocols.
  – The discussion of the challenges posed by domain expiration and the transient nature of internet infrastructure emphasized the need for better governance and security measures.
– **Call to Action**:
  – The findings serve as a wake-up call about the real threats to internet infrastructure and the security implications for both organizational and individual users.

In conclusion, this research underscores critical weaknesses in how internet infrastructure is managed, particularly the WHOIS protocol and the certificate authorities that rely on it, and the need for concrete steps to improve security practices and mitigate the resulting risks.