dot mobi fun

rob

rob

Active member
Joined
Jul 8, 2024
Posts
61
Reaction score
108
Trophy points
34
labs.watchtowr.com

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a
labs.watchtowr.com labs.watchtowr.com

Interesting read - Also, remember when .mobi was going to be the future of the internet? 😂 or was that .TEL ?
 
rob said:
labs.watchtowr.com

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a
labs.watchtowr.com labs.watchtowr.com

Interesting read - Also, remember when .mobi was going to be the future of the internet? 😂 or was that .TEL ?
Click to expand...
Interesting read.

I'm also unsurprised that this was possible! 😂
 
Wow, what a fucking shit show. I suppose 1.3 million people have WT to thank for not being injected with some rogue malware. Not the first time an organisation at this level has fucked up. by forgetting to renew their domains, and it wont be the last.

Remember when Swiss watch manufacturer Titoni AG lost control of Titoni.com and filed a DRS, which was not upheld as it was their own fault for not renewing. And this: https://domainnamewire.com/2013/04/18/15-fortune-100-companies-have-domains-that-expire-this-year/
 
Well done @rob for posting this a full eight hours before the same story was seen in the beautiful park.
 
Good job it's a nothing extension.

I wonder if this would go some way to explain why having extensions that barely gets used and hardly anyone gives a shit about, could be a security risk just inherently by them existing.
 
username said:
Good job it's a nothing extension.

I wonder if this would go some way to explain why having extensions that barely gets used and hardly anyone gives a shit about, could be a security risk just inherently by them existing.
Click to expand...
Evidently it isn't though. It was also very popular in about 2013 and then again in about 2016/7/8. I was actually aquaitances for a while with a guy who owned a business specifically targeting .mobi, and mobile websites for B2B through cold telesales. He was very successful.
 
ben said:
Evidently it isn't though. It was also very popular in about 2013 and then again in about 2016/7/8. I was actually aquaitances for a while with a guy who owned a business specifically targeting .mobi, and mobile websites for B2B through cold telesales. He was very successful.
Click to expand...

I'm not meaning literally nobody, but fewer than other extensions. But in general, I wonder if fewer people that care, the more likely it could be a security risk.

Probably the more extensions, the more risk. More people involved in keeping it sown up. I realise there are standards for lots of things, but not everything. So if nobody's really watching it keeping things up to date, cause it's not in their interests to care, like in this case and the CAs.

I remember that the owners of .mobi gave so little of a shit that their website had a list of .mobi sites to show off for years.... But for years they were rotting away, increasingly becoming a list of dropped .mobis.
 
Guess we can thank ICANN that we have 32034932 gTLD's now. I did like the idea of crypto domains with any extension you wanted (at a price), but sadly can't see them being adopted by mainstream browsers ever. Only Brave and Opera support them right now.
 
You must log in or register to reply here.
Back
Top