MoinQ:

1. DNS/hijacking/thehackerblog

https://news.ycombinator.com/from?site=thehackerblog.com

1.1. thehackerblog

/Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System August 25, 2016 https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html

Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/


https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/index.html

The Orphaned Internet –

December 05, 2016

1.2. The Managed DNS Vulnerability

The issue occurs when a domain name is used with one of these cloud services and 
the zone is later deleted without also changing the domain’s nameservers. 

This means that the domain is still fully set up for use in the cloud service but 
has no account with a zone file to control it. 

In many cloud providers this means that anyone can create a DNS zone for that domain and
take full control over the domain. 

This allows an attacker to take full control over the domain to set up a website,
issue SSL/TLS certificates, host email, etc. 
Worse yet, after combining the results from the various providers affected by this problem over 120,000 domains were vulnerable (likely many more).

1.3. Detecting Vulnerable Domains via DNS

 If the domain is vulnerable then the nameservers will return either a SERVFAIL or REFUSED DNS error.

Google Cloud DNS (~2.5K Domains Affected, Patched)

Amazon Web Services – Route53 (~54K Domains Affected, Multiple Mitigations Performed)

Rackspace (~44K Domains Affected, Won’t Fix)