acm-header
Sign In

Communications of the ACM

ACM TechNews

Danger Caused by Subdomains


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Example of a domain structure with many subdomains.

The Security & Privacy Research Unit at TU Wien, in collaboration with Italy's Ca Foscari University, uncovered an important security vulnerability that had been overlooked.

Credit: tuwien.at

A security vulnerability could enable hackers to commandeer Website subdomains and inflict severe damage, according to researchers at Austria's Technical University of Wien (TU Wien) and Italy's Ca' Foscari University.

The vulnerability lies in the persistence of dangling records—links to subdomains no longer in use—where TU Wien's Mauro Tempesta said attackers can establish their own domains.

Such exploits can create vulnerabilities that pose risks to anyone who wants to use the actual site.

The researchers found 1,520 vulnerable subdomains within 50,000 of the world's most critical Websites, and university sites were more likely to be vulnerable, since they have an especially large number of subdomains.

TU Wien's Marco Squarcina said only 15% of those vulnerabilities have been corrected six months after administrators were warned of the threat.

From Technical University of Wien (Austria)
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account