@briankrebs The US is in a position of power where I don't think a country would consider hijacking domains it uses. Not to defend this, but
@briankrebs @alex I’ve received private disclosure of a potential vulnerability that I have independently verified as still active. I would disclose it as we are a whole year past the responsible disclosure period, but it’s the state of Georgia and incompetent governments don’t take too kindly to this: https://www.theverge.com/2021/10/14/22726866/missouri-governor-department-elementary-secondary-education-ssn-vulnerability-disclosure
@eb @briankrebs I’ve seen another subtle hack recently: I suppose the CMS hadn’t been patched, so all the content on a website had a few words in an article made into links that also point to some shady pharma site. I wonder if it’s possible to check backlinks from Georgia’s site. But referrer check is 👌. So simple, much efficient!
@briankrebs @eb oh yeah, there’s a lot of horror going on and some gov services don’t even have TLS :) But for what it’s worth, .me is (or was, jury is literally still out on this matter: https://m.cdm.me/english/procedure-for-me-domain-starts-from-very-beginning/) operated by a joint enterprise with GoDaddy and Identity Digital
@briankrebs @eb but I suppose the fact that who operates .me is being disputed doesn’t make you feel any safer 😬
@eb @briankrebs and on top of that, Montenegrin IT capabilities can be summed up by the fact that we had a major cyberattack in ‘22 that wiped out most of gov services, and some of them are not restored as of today :) Had to ask the US for help and so on. So yeah, it’s highly unlikely to be an ME operation