For the past 4.5+ years, MasterCard has had a typo in its DNS records, where one of its domains was named as a22-65.akam.ne, instead of a22-65.akam.net (Akamai).
-
Fortunately for MasterCard, the person who figured this out is one of the good guys, and he's actually here on Mastodon: @titon. I interviewed @titon -- Philippe Caturegli, founder of the security firm Seralys, in a story last year on domain name collisions.
https://krebsonsecurity.com/2024/08/local-networks-go-global-when-domain-names-collide/
Curiously, a look into the passive DNS for this domain via DomainTools indicates that someone in Russia registered this domain akam.ne in 2016 and had it sporadically resolve to an IP address in Germany for a few years (185.53.177.31). May have also involved the email address [email protected].
Just a reminder to check your DNS records for typos. Because if you don't control the domain name that your name servers are pointing to, there is virtually no end to the world of hurt that crooks can visit on your organization.
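One way to automate the check recommended above, as an added example that is not part of the original thread: it flags NS targets that fall outside an allowlist of expected name server domains and marks near-misses as likely typos. The allowlist, the function names and the third sample record are assumptions constructed for illustration; the first two records use the names quoted in the post.

```python
# Added example. EXPECTED_NS_SUFFIXES is an assumption: list the DNS
# providers your organization actually delegates to.
EXPECTED_NS_SUFFIXES = {"akam.net"}

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programming table."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def trailing(host, suffix):
    """Last N labels of host, where N is the label count of suffix."""
    return ".".join(host.split(".")[-(suffix.count(".") + 1):])

def audit_ns(records, expected=EXPECTED_NS_SUFFIXES, max_distance=2):
    """Return (owner, target, verdict) for NS targets outside expected domains."""
    findings = []
    for owner, target in records:
        host = target.rstrip(".").lower()
        if any(host == s or host.endswith("." + s) for s in expected):
            continue  # delegated to a domain we expect
        # Closest expected suffix, compared against the target's trailing labels.
        best = min(expected, key=lambda s: edit_distance(trailing(host, s), s))
        dist = edit_distance(trailing(host, best), best)
        verdict = f"likely typo of {best}" if dist <= max_distance else "unexpected domain"
        findings.append((owner, host, verdict))
    return findings

# Sample NS records: the first two use names quoted in the post,
# the third is constructed.
SAMPLE = [
    ("az.mastercard.com", "a22-65.akam.ne"),
    ("az.mastercard.com", "a22-65.akam.net."),
    ("example.com", "ns1.unrelated-dns.example."),
]

if __name__ == "__main__":
    for owner, host, verdict in audit_ns(SAMPLE):
        print(f"{owner}: NS {host} -> {verdict}")
```

Feed it the NS records exported from your own zones; anything it reports is a delegation to a domain you should confirm you control.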
-
BrianKrebs replied to BrianKrebs, last edited by [email protected]
@titon forgot to paste the passive dns record:
2020-06-30 09:36:06   2025-01-14 09:11:26   ~4y ~198d   570328   az.mastercard.com NS a22-65.akam.ne
-
good advice.
.co has definitely benefited from folks trying to be sure that user/browser typos don't go to the wrong place (.co typed instead of .com).
-
BrianKrebs replied to BrianKrebs, last edited by [email protected]
@titon MasterCard's response. Not sure what else I expected them to say, but probably more precise to say there was a risk that's not there anymore, and there's no sign anyone exploited it until now.
"We have looked into the matter and there was not a risk to our systems. This typo has now been corrected."
-
@briankrebs lol typical ass covering. Some of the queries that we recorded to confirm the issue. Curious what they consider a risk then.