Kevin Beaumont reports that, by compromising a router at Equinix in Chicago, attackers were able to forge DNS responses for myetherwallet.com, with users "redirected to a server hosted in Russia, which served the website using a fake certificate." Victims' online wallets were drained of cryptocurrency.
Also at The Verge and Ars Technica, which said:
> Amazon lost control of a small number of its cloud services IP addresses for two hours on [April 24] when hackers exploited a known Internet-protocol weakness that let them redirect traffic to rogue destinations. By subverting Amazon's domain-resolution service, the attackers masqueraded as cryptocurrency website MyEtherWallet.com and stole about $150,000 in digital coins from unwitting end users. They may have targeted other Amazon customers as well.
(Score: 2) by maxwell demon on Monday April 30 2018, @01:50PM (1 child)
I used LE specifically because I knew that LE uses such a mechanism, but I didn't know that other CAs use similar mechanisms. Of course as far as other CAs use similar mechanisms, similar strategies should work for them as well.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @01:48PM
> I didn't know that other CAs use similar mechanisms
Think about it. There has to be a way to transfer domains to new, legitimate owners. There has to be a way to verify ownership in the first place. Maybe the WHOIS data has a working phone number - but what are the odds that goes to the person making the request, in a large org?
Point being: it's not write-once. IP control is over-relied upon as identity proof.