Rogue WHOIS server gives researcher superpowers no one should ever have


.mobi top-level-domain managers changed the location of its WHOIS server. No one got the memo.

It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. The entities behind the systems querying his deprecated domain included a who’s who of Internet heavyweights comprising domain registrars, providers of online security tools, governments from the US and around the world, universities, and certificate authorities, the entities that issue browser-trusted TLS certificates that make HTTPS work. Eventually, the directory evolved into the WHOIS system, a query-based server that provided a comprehensive list of all Internet host names and the entities that had registered them.
