Attempt to obtain TLS certificates for other people's .mobi domains using an expired domain that hosted a WHOIS service

Researchers from watchTowr Labs have published the results of an experiment in which they took over the obsolete WHOIS service of the .MOBI domain zone registry. The research was prompted by the registry changing the address of its WHOIS service, moving it from the domain whois.dotmobiregistry.net to the new host whois.nic.mobi. At the same time, the dotmobiregistry.net domain fell out of use, and in December 2023 it was released and became available for registration.

The researchers spent $20 to buy this domain, after which they launched their own WHOIS service, whois.dotmobiregistry.net, on their server. Surprisingly, many systems had not switched to the new host whois.nic.mobi and continued to use the old name. From August 30 to September 4 of this year, 2.5 million requests to the old name were recorded, sent from more than 135 thousand unique systems.

The senders of the requests included mail servers of government and military organizations that check the domains appearing in emails via WHOIS, security companies and security platforms (VirusTotal, Group-IB), as well as certificate authorities, domain verification services, SEO services, and domain registrars (for example, domain.com, godaddy.com, who.is, whois.ru, smallseo.tools, seocheki.net, centralops.net, name.com, urlscan.io, and webchart.org).

The ability to send arbitrary data in response to requests to the old WHOIS service of the .MOBI domain zone was used to develop several types of attacks against the requesters. The first attack is based on the assumption that if someone keeps sending requests to a service that was replaced long ago, they are probably doing so with outdated tooling that contains vulnerabilities.

For example, in 2015 the vulnerability CVE-2015-5243 was identified in phpWHOIS; it allows attacker code to be executed when specially crafted data returned by the WHOIS server is parsed. Another example is the vulnerability CVE-2021-32749, discovered in 2021 in the Fail2Ban package, which allows external code to be executed when the WHOIS service returns malformed data that is used in generating a blocking notification (Fail2Ban determined the email address of the host's administrator via WHOIS and passed it when running the mail command without properly escaping special characters).

The second attack is based on the fact that some certificate authorities offer the option of validating domain ownership through an email address specified in the domain's registration data, which is retrieved via the WHOIS protocol. It turned out that several certificate authorities supporting this validation method continue to use the old WHOIS server for the ".MOBI" domain zone.

Thus, having gained control over the name whois.dotmobiregistry.net, attackers can return their own data, pass validation, and obtain a TLS certificate for any domain in the ".MOBI" zone. For example, during the experiment the researchers requested a TLS certificate for the domain microsoft.mobi from the registrar GlobalSign, and the email "whois@watchTowr.com" returned by the fake WHOIS service was shown in the interface as available for receiving the domain ownership confirmation code.
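
A defender-side check for the stale-reference problem described above, as an added example that is not from watchTowr or the original article: it compares a WHOIS client's hard-coded TLD-to-server table with the registry referral and flags entries such as the old .MOBI host. The reply text, the table, and the function names are constructed for illustration.

```python
"""Audit a WHOIS client's hard-coded TLD-to-server table against registry referrals."""

# Constructed sample input in the layout of an IANA whois reply for a TLD query
# (comment lines start with "%", fields are "key: value").
IANA_REPLIES = {
    "mobi": "% IANA WHOIS server\n\ndomain:       MOBI\nstatus:       ACTIVE\nwhois:        whois.nic.mobi\n",
    "example": "% IANA WHOIS server\n\ndomain:       EXAMPLE\nstatus:       ACTIVE\n",
}

# Hypothetical table of the kind embedded in older WHOIS clients and libraries.
CONFIGURED = {
    "mobi": "whois.dotmobiregistry.net",
    "example": "whois.example.invalid",
    "test": "whois.test.invalid",
}

def normalize(host):
    """Lower-case a hostname and drop a trailing root dot."""
    return host.strip().rstrip(".").lower()

def parse_referral(reply):
    """Return the server named in the reply's "whois:" field, or None."""
    for line in reply.splitlines():
        if line.startswith("%") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip().lower() == "whois" and value.strip():
            return normalize(value)
    return None

def audit(configured, replies):
    """Compare each configured server with the referral; return (tld, status, detail)."""
    findings = []
    for tld, server in sorted(configured.items()):
        reply = replies.get(tld)
        if reply is None:
            findings.append((tld, "unverified", "no referral data for this TLD"))
            continue
        current = parse_referral(reply)
        if current is None:
            findings.append((tld, "no-server", "referral lists no WHOIS server"))
        elif normalize(server) != current:
            findings.append((tld, "stale", f"{normalize(server)} -> {current}"))
    return findings

if __name__ == "__main__":
    for tld, status, detail in audit(CONFIGURED, IANA_REPLIES):
        print(f"{tld:10} {status:10} {detail}")
```

In practice the referral text would come from a fresh lookup of each TLD rather than an embedded sample, and a "stale" finding is the signal to update the table before the old hostname's domain can change hands.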

source: budenet.ru