Not Simon the Goat on Nostr: watchTowr: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI Yo ...
watchTowr: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Yo what the fuck. watchTowr had inadvertently undermined the CA process for the entire .mobi TLD:
we took control of a chunk of the Internet’s infrastructure, opened up a big slab of juicy attack surface, and found a neat way of undermining TLS/SSL - the fundamental protocol that allows for secure communication on the web.
No spoilers, this is a must-read.
#mobi #tls #ssl #vulnerability
Published at 2024-09-11 14:00:11
Event JSON
{
"id": "dd3455ff4dbc426433547ef622ceca119bb685e97da350a75722107cdebd9658",
"pubkey": "c65691145402e71ffc943862badf66302e47b37f5285441c6ccc592cc114408d",
"created_at": 1726063211,
"kind": 1,
"tags": [
[
"t",
"mobi"
],
[
"t",
"tls"
],
[
"t",
"ssl"
],
[
"t",
"vulnerability"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113119278661311719",
"activitypub"
]
],
"content": "watchTowr: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI\nYo what the fuck. watchTowr had inadvertently undermined the CA process for the entire .mobi TLD:\n\nwe took control of a chunk of the Internet’s infrastructure, opened up a big slab of juicy attack surface, and found a neat way of undermining TLS/SSL - the fundamental protocol that allows for secure communication on the web.\n\nNo spoilers, this is a must-read.\n\n#mobi #tls #ssl #vulnerability",
"sig": "077e050805d627f303fbba607d6038fa1ec3593c38fb0bd5c26f77100d476ba1ed308468cab695a57992c899554dd0758c8b2d4b75a91c96bd3b84955517e114"
}