yeah cloudflare etc shopify even has these

im surprised too

Have you ever encountered clean politics?

@@MoreBollocks-ui2zs haha No, not at all. But I do believe there are ‘levels’ of corruption. Like, pocketing a few hundred thousand, or million bucks, is less severe than say, willingly sacrificing lives, which is less severe than intentionally weakening and selling out the country to adversaries.

I think the point was made by companies acting as DNS registrar and not by those actually hosting any content, which makes it totally valid.

Do they, though?

​​@@orc001 Absolutely they have a point. It's web hosts that are ignoring the security concerns in their domain management feature. And it would be very simple for them to solve, by requiring some change to DNS records whenever the users add a domain, such as a unique id, which needs to be added as TXT record.

@@megaTiagoNunes1 if a domain is not delegated (or delegated incorrectly, to nowhere), there is no way to add any records (TXT including). Any workflow that would require a TXT record would be a mess. Best that could be done is to require a random security code added to whois info (I think there are comment fields or something), but it's a question whether domain registrars support that. And that's inconvenient too. It seems that asking to keep track of your domains and delegations is the a sane approach.

@@voidsp If there is an issue with the DNS management delegation, you can remove the NS record on the domain registrar platform, in which case you can add the TXT records all you want. If you check the Github issues, the solutions implemented involve requiring verification via TXT record (e.g. MediaTemple) or a new NS record be added every time (e.g. Cloudflare).

Pompompurin certainly bucked that trend 😂

Well, a bit of mix tho... If we talked about Russia or edgy script kiddies TA, sure their username are edgy... But for "possible" non America enemies originated TA, many of their names or their association are either weebs and furries...

White hat hackers are just the edgey gay furries that have grown up and settled down

So no one thinks it's because they have to explain the exploit and work with non-IT folks to fix it? It's easier to use simpler plain English terms there.

​@1308lee so are black hats, re: siege sec

Hi guardio

Gotta stay in Russia. Can't blame them for needing to get away though.

@@nojuanatall3281 that's also true

Yeah, a spy can't be put back into service easily but cybercriminal could be off and running as soon as you give them a phone.

I think you misunderstand the situation. Nobody is claiming he won't get up to nefarious activities again. US govt. must've simply deemed the upside to received prisoners worth it based on their own criteria, which is going to be rather complex to evaluate with so many prisoners involved. They likely would have gone back and forth with other names who won ultimately exchanged before arriving at this particular deal.

You need to think about it this way, this is warm war/cold war 2, and it's impressive negotiation to get, from the US perspective, 16 innocent people freed from torture camps, in exchange for Russia being given jurisdiction over some white collar _nonviolent_ criminals who were Russian nationals so from the perspective of Russian government, they should have been extradited to Russia and not the US

i read up on the 16 people Russia freed and they were almost all convicted of espionage in Russia for things like taking photos of tanks and sending them to NATO authorities, this makes them traitors/spies from the perspective of Russian loyalists but innocent from the USA perspective, you just have to understand that is how the world is and has been for about 80 years

@@tacokoneko "some white collar nonviolent criminals who were Russian nationals" with friends in high places.

And said issues being some of the most basic easily avoidable things possible. It's amazing how sloppy enormous security tech firms are. They should be held liable.

@@9hoot789 agreed

yep

Similar outcome, totally different method.

@@Seytonicahhh this is domain takeover not subdomain

Except that it works on the main domain as well as it's sub domains: you might call it sub domain takeover on steroids

@@SeytonicThe concept is the same

Why would you bother? In my opinion it's fully the responsibility of the domain owner. They manage which nameservers it points to. The same could happen if they forget to renew it and someone takes it over or if they point to a nameserver domain that got into other hands.

In Digital Ocean the name servers you're assigned are always the same for everyone: ns1, ns2 and ns3

Assuming you're talking about how Cloudflare assigns a random 2 nameservers from a pool? Those are actually assigned to the account, not the domain (so multiple new domains will get the same nameservers). However, if the domain is already using your account's assigned nameservers when you go to add it to your cloudflare account it generates a new pair just for that domain. You can't just reroll until you get the ones already in use, because that pair will specifically not be chosen

You might think that as it costs nothing to keep it till it expires, you might as well keep it in case you want to use it again after all, or on case you get a juicy offer to buy the rights to the name. The flaw in that thinking is that there is a cost invoked in leaving it insecure: a relationship cost if it's actually repurposed by a third party...

@@trueriver1950 What? No im saying you SHOULD remove the nameservers or delete the domain when you are done using it as it CAN be at risk. If you wanna keep the domain just remove the nameservers. Read my comment again bro.. im agreeing with you.

is the joke "Nutsack Radar?"

@@boreal3255 would like for that to be the case however one of my email addresses, and one of my friends’ has appeared in a breach labelled this on HIBP, unsure of how big it is

What is a databreach?

lol

27 gopos

Thanks my dude : )

yeah i was thinking that exact thing

Not really, subdomain takeovers usually happen because of a forgotten about CNAME record (which is essentially a domain alias). A sitting duck attack is a total domain takeover which allows you to send emails from the domain, etc, (not possible with subdomain takeover)

@@Seytonic From your explanation, the vulnerability stems from dangling DNS Records that point to an instance that no longer exists allowing an attacker to register an instance with the same domain or subdomain. Other providers such as Google and AWS fixed this issue by requiring domain or subdomain verification i.e you now have to add a .TXT DNS Record with certain metadata to your domain hosting provider to prove that you own the domain.

​@@Seytonicyes there is a difference but simplified they are the same: Someone who messed up by not removing old records...

Ditto

Should be in the description, the GitHub link

Oh 😅 first link Anyways, thanks for always great reports. Amazing job you do.

yes but the import service could easily be made in such a way that bad actors cant take over them

​@@ggsapyes but why would they? As domain owner you have a responsibility. If you can't even take care of your own domain for smthg as simple as that, then better stay away from it.

@@jb5631 why would they not if its such an easy fix and prevents their services from being used as malware hosts? it only tarnishes their reputation

Usa released murderers etc and russians released journalists

Actually the Russians released 16 and only got 8 in return. But one of their guys was a convicted assassin, so a big bargaining chip for the US

Russia released 16 and got 8, is it fair now ? 🤣 Double standards.

shut up and take my -money- gift cards!

You could ask users to add a txt record with an unique id, proving that they are in fact the owner of the domain

@@alexandrebaux4042 But you're adding the domain as DNS on DO, that means the bad actor just adds the txt record as the NS is already pointing to DO for the domain.

​@@clar1016 No, this way you would need to add the TXT record on the DNS service provider before you could even add the domain on your DO project. This would work, and it was the solution applied on MediaTemple.

All 3rd party NS providers are not vulnerable. There are already techniques in use to make sure you don't enable domain hijacking. One way you can make sure that a person claiming a domain name actually owns it is to ask them to make changes at the registrar level. For example, here is what Google is asking you to do if you want to set up your domain name for Google Workspace: "Verify your domain: [...] 1: You'll copy a verification code from the Google Workspace setup tool. 2: You'll sign in to your domain registrar and paste the verification code in to the DNS [TXT] records for your domain. After your domain registrar publishes your verification code, we'll know you are the owner of your domain." Digital Ocean could implement something similar. Alternatively, some 3rd party NS service providers ask you to assign a random set of specific subdomains as name servers, and they make sure that these don't match the ones you've already set up on the registrar side. This way, they can force you to make changes at the registrar level, which proves you own the domain.

As you could see in the video a lot of companies don't have the vulnerability, so it is possible. I think Cloudflare generates a random string that you need to add to your TXT records that you need to re-do whenever you re-add it to another account

Exactly, no real clue. In email, only the domain name really matters because you cannot possibly know all of the local-parts the company uses. "Local-part" being the text before the @. Thus, if the domain is legitimate, you have no ways to validate the local-part, if that is too.

Is this rage bait?

@@Seytonic stop talking to people anyhow in your copy. Stop running from the point lazy ass

Hostage like how?