|
|
|
|
|
|
by projektfu
638 days ago
|
|
|
I think you misinterpreted the sentence. They don't need to change the WHOIS client, it's already broken, exploitable, and surviving because the servers are nice to it. They needed to become the authoritative server (according to the client). They can do that with off-the-shelf code (or netcat) and don't need to mess with any supply chains. This is the problem with allowing a critical domain to expire and fall into evil hands when software you don't control would need to be updated to not use it. |
|
|
Definitely they could have worded that better to make it not sound like they had been intentionally contributing bad code to projects. I'll update my original post to reflect that.