Simon Willison’s Weblog

Subscribe

Monday, 21st April 2008

ISPs’ Error Page Ads Let Hackers Hijack Entire Web (via) Earthlink in the US served “helpful” links and ads on subdomains that failed to resolve, but the ad serving pages had XSS holes which could be used to launch phishing attacks the principle domain (and I imagine could be used to steal cookies, although the story doesn’t mention that). Seems like a good reason to start using wildcard DNS to protect your subdomains from ISP inteference.

# 6:51 am / dns, earthlink, isp, security, subdomains, wildcarddns, xss

2008 » April

MTWTFSS
 123456
78910111213
14151617181920
21222324252627
282930