
"The root cause is simple: organizations create DNS records and never clean them up. There is no expiry date on a CNAME record. Nobody gets an alert when the target stops responding."
"Finding hijacked subdomains is straightforward. People need only enter site:[university].edu 'xxx' or site:[university].edu 'porn' for an affected institution, and scores of results will appear."
"Any organization with a website should compile a running inventory of all subdomains along with the purpose of each one and its corresponding CNAME record."
"Clearly, many universities and other organizations are flouting this common-sense practice. Only a handful of the affected universities have expunged dangling CNAME records since he went public with his findings."
Many universities fail to maintain their DNS records, resulting in hijacked subdomains that can be exploited. The decentralized nature of university operations allows individual departments to create subdomains without oversight. When personnel leave, their DNS records often remain active without decommissioning. Finding these hijacked subdomains is easy through specific search queries. Organizations should maintain an inventory of subdomains and regularly audit them to remove inactive records. Despite awareness, few universities have taken action to address dangling CNAME records, leaving them visible in search results.
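The inventory-and-audit practice described above, sketched as an added example (not code from the article or from any affected institution). The `Record` fields, the `audit` function, and all hostnames are assumptions made for illustration; the resolver is injectable so the check runs offline against constructed data.

```python
import socket
from dataclasses import dataclass

@dataclass
class Record:
    name: str      # subdomain, e.g. "lab.example.edu"
    cname: str     # CNAME target recorded in the inventory
    purpose: str   # why the subdomain exists
    owner: str     # department or person responsible

def system_resolves(host: str) -> bool:
    """True if the host currently resolves to at least one address."""
    try:
        return bool(socket.getaddrinfo(host, None))
    except (socket.gaierror, UnicodeError):
        return False

def audit(inventory, zone_names, resolves=system_resolves):
    """Return (name, finding) pairs for records that need attention."""
    findings = []
    known = {r.name.lower().rstrip(".") for r in inventory}
    # Names published in DNS that nobody has documented.
    for name in sorted(zone_names):
        if name.lower().rstrip(".") not in known:
            findings.append((name, "in zone but missing from inventory"))
    for r in inventory:
        if not r.purpose.strip() or not r.owner.strip():
            findings.append((r.name, "no recorded purpose or owner"))
        if not resolves(r.cname):
            findings.append((r.name, f"dangling CNAME: {r.cname} does not resolve"))
    return findings

# Constructed sample data; names use reserved example domains.
SAMPLE_INVENTORY = [
    Record("www.example.edu", "web.hosting.example.net", "main site", "IT"),
    Record("lab.example.edu", "old-lab.hosting.example.net", "research lab", ""),
]
SAMPLE_ZONE = ["www.example.edu", "lab.example.edu", "event2019.example.edu"]

if __name__ == "__main__":
    live = {"web.hosting.example.net"}  # stand-in for real DNS answers
    for name, finding in audit(SAMPLE_INVENTORY, SAMPLE_ZONE, lambda h: h in live):
        print(f"{name}: {finding}")
```

A target that still resolves can nonetheless point at a deprovisioned resource, so a clean result here narrows the review list but does not replace confirming with each record's owner that the service is still in use.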
Read at Ars Technica