Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]

Are Virgin Media “Port Scanning” their customers… and profiting from it? [UPDATED]

Virgin Media are one of the UK’s largest Internet Service Providers (ISP), with over 5 million broadband subscribers. Yesterday, a concerned Virgin Media customer forwarded me an email they’d received: The email – which was addressed to the customer by name, and included their name and IP address – had genuinely originated from Virgin Media. […]

InfoSec Guy

UK-based software developer & award-winning security blogger, blogging about all things #InfoSec, #AppSec & #CyberSecurity related and striving towards a safer internet for all!

Tag: vulnerability

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Are Virgin Media “Port Scanning” their customers… and profiting from it? [UPDATED]