Idea for an attack: Let's assume an ISP example that gives you an IP with a reverse lookup of the form [somenumber].something.customer.example.com
This attack could work for any domain where [somenumber].something.example.com resolves programmatically to an IP address decoded from [somenumber].
I suspect it may also work on dyndns providers that provide dynamic hosts under the same second-level domain as they operate their site under, e.g. for hijacking sessions of other users on the service.
Most dyndns providers are in the public suffix list. If someone provides dyndns without being in the PSL, that by itself should be considered a bug.