A small tweak gave researchers a powerful web-domain capability that could prove incredibly useful to hackers.
A small tweak gave researchers a powerful web-domain capability that could prove incredibly useful to hackers.
A cybersecurity researcher recently stumbled upon an Internet vulnerability that allowed him to sniff people's email, execute code on servers and even spoof HTTPS certificates – giving him so many options that he's been described as having “superpowers”.
The vulnerability is pretty simple: an expired domain that keeps getting pinged by numerous servers. The domain in question is dotmobiregistry.net, which used to host the .mobi WHOIS server.