
.io Hacker takes over every .io domain by snapping up crucial name servers


deez007

A blunder during a handover of the .io registry allowed a security researcher to potentially take control of more than 270,000 .io domains.

Late Friday, Matthew Bryant noticed an unusual response to some test code he was using to map top-level domains: several of the .io authoritative name servers were available to register.

Out of interest, he tried to buy them and was amazed to find the registration went through – leaving him potentially in control of hundreds of thousands of websites.

Full Article Here:
https://www.theregister.co.uk/2017/07/10/io_hijacking_in_transition_cockup/
 
The views expressed on this page by users and staff are their own, not those of NamePros.
Now that's one hell of a blunder. :facepalm:
 
That's mind blowing news.

They were lucky; if the wrong type of people had found out about this security risk, nic.io would have much more explaining to do.

I'm amazed how it took so much time for them to do anything about it after Bryant informed them (24h). They should really focus on their security; there are hundreds of startups at risk, and they can also sue nic.io very quickly.
 
Yeah dude, shocking that they were so calm about the whole thing. I hope they gave him a really nice reward or something...
 
@deez007 they really should reward him, he deserves it (lots of people wouldn't even bother to contact nic.io); if it wasn't for him, nic.io could have been in real trouble.

Can you just imagine if a hacker with bad intentions learned of this before anyone else? Imagine what they could do and the problems they might bring.

Plus, if Bryant hadn't alerted them, hackers could have targeted powerful startups, companies and investors; this would have happened, it was just a matter of time (especially since .io is well known in the tech/hacker world).

If that happened, who do you think the startups, companies and investors would go after? It would be nic.io for their major security risk (especially if it cost them money). I think nic.io would be sued back to the stone age.

So in my eyes Bryant saved them good money, the least they can do is reward him.

PS: It always amazed me how relaxed some companies can be when they have major security risks like this one.

It's like they're saying "just relax everything is under control (when it's the opposite)" B-)

By the way @deez007 thank you for sharing.
 
It seems that Bryant is a very smart and honest person - Kudos to him! (y)
 
Hey, why do you have the same avatar as I do? ;)
 
Businesses that host their websites on .io could always set up a GoFundMe page to reward the guy, as he saved them a lot of money.
 
Wow, what an interesting article!
Almost as interesting is the use of "hacker" in the title... great keyword to get attention! Lol
 
Lol, funny you should mention that :)

The original word was "Bl*ke" (the asterisk being "O") but for some reason someone reported the thread title as being offensive because of that word ...lol - so it was suggested that the word be changed to "hacker" (along the lines of whitehat hacker).
 
lol Bl0ke? Must have a really different meaning in my end of the world... just assumed it meant "guy"
 
Yeah same here dude... in this end of the world it means "you" as well but seems someone took offence...lol, maybe it means something different somewhere else in the world in a different language... who knows :)
 