|
|
|
|
|
|
by ixfo
671 days ago
|
|
|
Environment visibility is easy to get. If you pwn a box which has foo.internal, you can now impersonate foo.internal. If you pwn a box which has *.internal, you can now impersonate super-secret.internal and everything else, and now you're a DNS change away from MITM across an entire estate. Security by obscurity while making the actual security of endpoints weaker is not an argument in favour of wildcards... |
|
|