Typo left MasterCard open to hackers for years
A typo in MasterCard’s DNS configuration left the company open to hackers for years, it has emerged.
As first reported by Krebs On Security, from June 2020 until this month one of az.mastercard.com’s nameservers was set as akam.ne rather than akam.net, a domain used by DNS resolution provider Akamai.
The .ne version, in Niger’s ccTLD, was unregistered until security researcher Philippe Caturegli discovered the typo and spent $300 to secure the domain and check to see how much traffic it was getting, before handing it to MasterCard.
Had Caturegli been a bad actor, he could have used the domain to set up a man-in-the-middle attack, diverting a big chunk of traffic intended for mastercard.com to the server of his choosing.
MasterCard said its systems were not at risk and the typo has been corrected, Krebs reports.
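A check that would catch the kind of delegation typo described above, as an added example (not code from this post, Krebs On Security, MasterCard or Akamai): it compares each NS target of a zone against an allowlist of provider domains and flags near-miss spellings. The host labels, the allowlist and the distance threshold are constructed assumptions; only az.mastercard.com, akam.net and akam.ne come from the post.

```python
# Added example: audit a zone's NS targets against an allowlist of provider domains.
# Host labels and the allowlist are constructed; only the domains come from the post.
ALLOWED_NS_DOMAINS = {"akam.net"}  # assumption: the one provider this zone delegates to

SAMPLE_NS = {  # constructed NS set for illustration
    "az.mastercard.com": ["ns-a.akam.net.", "ns-b.akam.net.", "ns-c.akam.ne.", "NS-D.AKAM.NET"],
}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_ns(target, allowed=ALLOWED_NS_DOMAINS, max_dist=2):
    """Return (status, matched_domain) for one NS target."""
    host = target.strip().rstrip(".").lower()
    for domain in sorted(allowed):
        # Match on a label boundary so "evilakam.net" does not pass as "akam.net".
        if host == domain or host.endswith("." + domain):
            return ("ok", domain)
    labels = host.split(".")
    for domain in sorted(allowed):
        # Compare the same number of trailing labels as the allowed domain has.
        tail = ".".join(labels[-(domain.count(".") + 1):])
        if edit_distance(tail, domain) <= max_dist:
            return ("typo-suspect", domain)
    return ("unexpected", None)

def audit(ns_sets):
    """List every NS target that is not under an allowed provider domain."""
    findings = []
    for zone, targets in ns_sets.items():
        for target in targets:
            status, domain = classify_ns(target)
            if status != "ok":
                findings.append((zone, target, status, domain))
    return findings

if __name__ == "__main__":
    for zone, target, status, domain in audit(SAMPLE_NS):
        print(f"{zone}: NS {target} -> {status} (expected {domain})")
```

In practice the NS sets would be exported from the zone's own delegation records, and the check would run whenever those records change.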
‘from June 2000’ you’ve got the year wrong.
Additionally, the very important distinction here is that it’s a subdomain of mastercard.com (az.mastercard.com.) – not NS at the apex itself.
Cheers. I’m using borrowed spectacles at the moment.
what is “az.mastercard.com” even used for? zero reference to anything on the Internet other than this “news.”
A boneheaded move for sure but I have every reason to believe Mastercard when they say they are not at risk.
“open to hackers” — how? at least propose a viable threat vector. is Mastercard not running TLS somewhere or something? work with me here.
DNS delegation is all one needs to issue a TLS certificate for that domain, so TLS doesn’t address this specific threat vector.