The underlying challenge is that people are effectively treating infrastructure as temporary, but with very, very permanent effects on what it gives access to, what it authorizes, where it's trusted, etc.
Millions of systems - including cybersecurity firms and mail servers used by governments, militaries, and universities - were still querying the expired domain, meaning a nation-state group could have exploited this situation.
On August 30, 2023, the researchers spun up a WHOIS server and pointed it to whois[.]dotmobiregistry[.]net to identify who was using the legacy domain.
By creating a new WHOIS server, the team crafted a humorous response containing ASCII art to those querying the outdated domain, highlighting the infrastructure's unaddressed risks.
#whois-protocol #cybersecurity #certificate-authorities #infrastructure-vulnerability #network-security
[
Collection
]
[
|
...
]