In an unusual twist of fate, a security analyst recently found himself equipped with the capabilities to forge HTTPS certificates, monitor email traffic, and execute personalized commands across numerous servers—all for a mere $20 and in just a few minutes. This remarkable event unfolded for Benjamin Harris.
As the CEO and founder of the cybersecurity firm watchTowr, Harris gained these extraordinary powers by claiming ownership of the domain dotmobiregistry.net. This domain was previously tied to the official WHOIS server responsible for .mobi—an essential top-level domain signaling that websites are tailored for mobile devices. Although it remains uncertain when exactly this WHOIS server transitioned from whois.dotmobiregistry.net to whois.nic.mobi, Harris stumbled upon this opportunity while retreating to his hotel room during last month’s Black Hat security conference in Las Vegas. He noticed that dotmobiregistry.net had expired due to neglect by its former owners, prompting him to register it and establish his own .mobi WHOIS service.
The Pitfall of Oversight
To Harris’s astonishment, within hours of its launch, his new server began receiving queries from over 76,000 distinct IP addresses. Within just five days, he recorded approximately 2.5 million queries originating from around 135,000 unique machines. The sources of these requests included major players from various sectors: leading domain registrars, cybersecurity firms offering online safety solutions, governmental bodies both domestic and international, academic institutions globally recognized for research excellence, and certificate authorities, the organizations responsible for issuing the trusted TLS certificates essential for secure HTTPS connections.