DEAD - An attack vector on web services, due to e-mail's faults due to DNS
In Summary : DEAD is a potential vulnerability in the DNS system that exists due to the poor method in which it was implemented in totali...
https://updatesinfosec.blogspot.com/2018/06/dead-attack-vector-on-web-services-due.html
In Summary :
DEAD is a potential vulnerability in the DNS system that exists due to the poor method in which it was implemented in totality. DNS, which is largely controlled by ICANN, is susceptible to third-party takeover and simple expiration. Modern e-mail utilizes DNS extensively. E-mail users create e-mail addresses with the form user@domain.com. Websites, all over the world, utilize e-mail to verify people’s identities (many let you reset your password with just an e-mail). Since DNS is susceptible to third-party takeover and simple expiration, it is deterministic that many e-mail address domains will expire (e.g., death of a person and expiration of said person’s credit card), leaving people’s accounts on websites, all over the world, susceptible to account theft. [...]
kindly refer the following link as follow up :
https://ift.tt/2tbF2CZ
DEAD is a potential vulnerability in the DNS system that exists due to the poor method in which it was implemented in totality. DNS, which is largely controlled by ICANN, is susceptible to third-party takeover and simple expiration. Modern e-mail utilizes DNS extensively. E-mail users create e-mail addresses with the form user@domain.com. Websites, all over the world, utilize e-mail to verify people’s identities (many let you reset your password with just an e-mail). Since DNS is susceptible to third-party takeover and simple expiration, it is deterministic that many e-mail address domains will expire (e.g., death of a person and expiration of said person’s credit card), leaving people’s accounts on websites, all over the world, susceptible to account theft. [...]
kindly refer the following link as follow up :
https://ift.tt/2tbF2CZ
