Researchers from watchTowr Labs have published the results of a study of the old WHOIS service of the .MOBI domain registrar. The study was prompted by the registrar changing its WHOIS address, moving it from whois.dotmobirigistry.net to a new host, whois.nic.mobi. Meanwhile, the dotmobirigistry.net domain was decommissioned and released in December 2023, which made it available for registration.
The researchers spent $20 to buy the domain and then ran their own fake WHOIS service, whois.dotmobirigistry.net, on their server. Surprisingly, many systems had not switched to the new host, whois.nic.mobi, and kept using the old name. From August 30 to September 4 of this year, 2.5 million queries to the old name were recorded, coming from more than 135 unique systems.
Among the senders of the requests were mail servers of government and military organizations that checked domains appearing in emails through WHOIS, security companies and security platforms (VirusTotal, Group-IB), as well as certificate authorities, domain verification services, SEO services, and domain registrars (for example, domain.com, godaddy.com, who.is, whois.ru, smallseo.tools, seocheki.net, centralops.net, name.com, urlscan.io, and webchart.org).
The ability to return arbitrary data in response to a request to the old WHOIS service of the ".MOBI" domain zone was used to devise several kinds of attacks against the requesters. The first attack rests on the assumption that anyone who keeps querying a long-dead service is probably doing so with outdated tools that contain vulnerabilities.
For example, in 2015 the vulnerability CVE-2015-5243 was found in phpWHOIS, which allows attacker code to be executed when parsing specially crafted data returned by a WHOIS server. Another example is the vulnerability CVE-2021-32749, found in 2021 in the Fail2Ban package, which allows external code to be executed when malformed data is returned by the WHOIS service used to generate a ban notification (Fail2Ban determined the host administrator's email address through WHOIS and referenced it when running the mail command without escaping special characters).
The second attack relies on some CAs offering the option to confirm domain ownership through the email address listed in the domain registrar's database, which is retrieved via the WHOIS protocol. It turned out that several CAs that support this verification method still use the old WHOIS server for the ".MOBI" domain extension.
Thus, having taken control of the name whois.dotmobirigistry.net, attackers can supply their own data, pass verification, and obtain a TLS certificate for any domain in the .MOBI zone. For example, during the experiment the researchers requested a TLS certificate for the microsoft.mobi domain from the GlobalSign registrar, and the email "whois@watchTowr.com" returned by the fake WHOIS service was shown in the form as an available option for sending the domain ownership confirmation code.
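
The root cause described above is a client that keeps a hard-coded WHOIS hostname after the registry has moved. The following check is an added example, not code from watchTowr or from any of the affected tools: it compares a client's TLD-to-server table against the `whois:` field of an IANA-style TLD record and flags entries that no longer match. The table, the sample reply and the function names are constructed for illustration, and using the IANA record as the reference is an assumption of this example.

```python
import re

# Constructed sample: trimmed shape of a whois.iana.org reply for a TLD query.
IANA_REPLY_MOBI = """\
% IANA WHOIS server
domain:       MOBI
status:       ACTIVE
whois:        whois.nic.mobi
"""

# Constructed sample: a WHOIS client's hard-coded TLD -> server table.
CLIENT_TABLE = {
    "mobi": "whois.dotmobirigistry.net",  # retired name, spelled as on this page
    "example": "whois.nic.example",       # hypothetical entry with no IANA reply
}


def normalize(host):
    """Lower-case a hostname and drop a trailing root dot."""
    return host.strip().lower().rstrip(".")


def iana_whois_server(reply):
    """Return the host in the reply's 'whois:' field, or None if absent/empty."""
    m = re.search(r"^whois:[ \t]*(\S+)[ \t]*$", reply, re.MULTILINE | re.IGNORECASE)
    return normalize(m.group(1)) if m else None


def audit(table, iana_replies):
    """Classify each entry: ok, stale, no-server, or unverified."""
    findings = []
    for tld, configured in sorted(table.items()):
        reply = iana_replies.get(tld)
        if reply is None:
            findings.append((tld, configured, None, "unverified"))
            continue
        current = iana_whois_server(reply)
        if current is None:
            status = "no-server"
        elif current == normalize(configured):
            status = "ok"
        else:
            status = "stale"
        findings.append((tld, configured, current, status))
    return findings


if __name__ == "__main__":
    for row in audit(CLIENT_TABLE, {"mobi": IANA_REPLY_MOBI}):
        print(row)
```

Entries reported as `stale` or `unverified` are the ones to review before the client is allowed to trust a WHOIS answer for that TLD.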

Source: opennet.ru
