by ericpauley 1256 days ago
Security vulnerabilities due to resource reuse (subdomain takeover is just one example of this) are rampant and readily exploitable for tons of major companies, especially as cloud providers and SaaS often overlook these as being client responsibilities.

Shameless plug, I’ve worked on identifying/characterizing these issues on cloud providers: https://arxiv.org/pdf/2204.05122.pdf

It’s only a matter of time before adversaries become more sophisticated at identifying and exploiting these in bulk.

2 comments

As you plug this paper, I should point out that it's really bad behavior to not cite prior work. The original idea of subdomain takeover was by Frans Rosén: https://labs.detectify.com/2014/10/21/hostile-subdomain-take...

When your paper came out some media articles made it sound like you invented the method, as you didn't bother to cite the original finder.

I know, academics don't like to cite "gray literature". But that's really not ok.

This appears to be a case of differing convention and differing scope.

Our work isn’t fundamentally about just subdomain takeover, which has received substantial academic study (we cited multiple of these). Academic conference papers are highly space constrained, so it’s common to limit cites to seminal conference papers unless no such sources exist. In this case Liu et al. 2016 is the original academic cite and does cite the work you mention. The work you mention also specifically deals with SaaS-related (not IP-related) subdomain takeover, which is a separate area that we don’t study in our work.

They have a page on background. Have you considered that there is no malintent?

About to take a whack at reading your paper, but in plain programmer speak, can you explain a few ways this might be exploited in the wild?

Biggest finding is that adversaries can easily allocate many IPs on public clouds. From this, automated traffic analysis can find what we call latent configurations (e.g., subdomain takeover) and exploit these. For instance you could allocate cloud IPs to collect SNS messages with PII to phish people, or receive passwords or data intended for other sites.

More high-level description here: https://pauley.me/post/2022/cloud-squatting/
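
A defender-side check for the latent configurations described in the comment above, as an added example that is not part of the thread or the linked paper: it flags DNS names that still resolve into cloud provider address space the account no longer holds. The zone records, allocated-IP inventory and provider ranges are constructed sample data (documentation prefixes), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data; the ranges are documentation prefixes standing in
# for a cloud provider's published address space.
PROVIDER_RANGES = ["198.51.100.0/24", "203.0.113.0/24"]
ALLOCATED_IPS = ["198.51.100.10", "203.0.113.7"]   # IPs the account holds today
ZONE_RECORDS = [
    ("www.example.com", "A", "198.51.100.10"),
    ("api.example.com", "A", "203.0.113.7"),
    ("old-sns.example.com", "A", "198.51.100.99"),   # IP released, record left behind
    ("hooks.example.com", "CNAME", "old-sns.example.com"),
    ("mail.example.com", "A", "192.0.2.25"),         # outside provider space
]

def terminal_addresses(name, records, seen=None):
    """Follow in-zone CNAMEs from name and return the A/AAAA values reached."""
    seen = seen or set()
    if name in seen:          # CNAME loop guard
        return []
    seen.add(name)
    out = []
    for rname, rtype, value in records:
        if rname != name:
            continue
        if rtype in ("A", "AAAA"):
            out.append(value)
        elif rtype == "CNAME":
            out.extend(terminal_addresses(value.rstrip("."), records, seen))
    return out

def find_dangling(records, allocated, provider_ranges):
    """Return sorted (name, ip) pairs that resolve into provider space we no longer hold."""
    held = {ipaddress.ip_address(a) for a in allocated}
    nets = [ipaddress.ip_network(r) for r in provider_ranges]
    findings = set()
    for name in {r[0] for r in records}:
        for value in terminal_addresses(name, records):
            ip = ipaddress.ip_address(value)
            if ip not in held and any(ip in net for net in nets):
                findings.add((name, value))
    return sorted(findings)

if __name__ == "__main__":
    for name, ip in find_dangling(ZONE_RECORDS, ALLOCATED_IPS, PROVIDER_RANGES):
        print(f"DANGLING {name} -> {ip}: remove the record or re-verify ownership")
```

Running the same comparison before an IP is released, rather than after, closes the window in which the address can be reallocated to someone else while the record still points at it.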

That's so interesting! Giving me an idea for a side project that I'm sure has been done many times before :)