• Re: DNS Misconfiguration on- http://cyberia.net.sa/

    From Ondřej Surý@ondrej@isc.org to Jukka Pakkanen on Fri Jun 5 11:53:20 2020
    From Newsgroup: comp.protocols.dns.bind



    The localhost.<foo> is not a scam, but the

    "I found this on HackerOne and I now want money" is a scam.

    Remove the localhost entry from the zone, but you should not pay money
    for issues that can be produced by automated scanners.

    HackerOne is doing everyone a disservice by paying nonsensical amounts of
    money[*] for small issues like this. They (and other wealthy companies)
    should be paying money only for original security research and not this nonsense.

    * $100 is a helluva money in some economies...

    Ondrej
    --
    Ondřej Surý
    ondrej@isc.org

    On 5 Jun 2020, at 11:24, Jukka Pakkanen <jukka.pakkanen@qnet.fi> wrote:

    Complete scam, ignore.

    Just check the "securityfocus" link, it's fake too.

    Jukka

    From: bind-users <bind-users-bounces@lists.isc.org> On behalf of Ejaz Ahmed
    Sent: 5 June 2020 10:55
    To: bind-users@lists.isc.org
    Subject: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

    Someone is claiming that our name server 212.118.64.2 is vulnerable, with the information below. Is this true?

    Any suggestions would be appreciated.

    Thanks in advance

    Ejaz

    Dear CYBERIA GROUP Security Team,

    I am Rahul, an Ethical Hacker and Security Researcher. I found a vulnerability on your website, which is a DNS Misconfiguration.

    Your localhost.cyberia.net.sa has address 127.0.0.1 and this may lead to "Same-Site" Scripting. I can also ping the localhost network.

    Here is a detailed description of this minor security issue: http://www.securityfocus.com/archive/1/486606/30/0/threaded

    Find attached POC Video.

    Dear Team, waiting for your response, and I want a bounty (money) with an Appreciation letter for my work and the effort which I have given for

    Thanks in advance
    Ejaz

    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

    ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

    bind-users mailing list
    bind-users@lists.isc.org
    https://lists.isc.org/mailman/listinfo/bind-users


    --- Synchronet 3.18a-Linux NewsLink 1.113
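    The check behind Ondrej's advice ("remove the localhost entry from the zone"), as an added example that is not part of the thread or of BIND: a small Python audit that parses a zone file in master-file syntax and flags every owner name that resolves to a loopback address (127.0.0.0/8 or ::1), either directly through an A/AAAA record or indirectly through a CNAME to such a name. The zone text is constructed for illustration (example.net with documentation-range addresses); the parser covers only what this audit needs, not the full RFC 1035 grammar.

```python
"""Audit a BIND-style zone file for names that resolve to a loopback address.

Added example, not from the bind-users thread or from BIND itself.  The
zone text below is constructed for illustration (example.net, 192.0.2.x);
the parser covers only what this audit needs, not the full RFC 1035
master-file grammar.
"""
import ipaddress

ADDRESS_TYPES = {"A", "AAAA"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone: two loopback records and a CNAME that leads to one.
SAMPLE_ZONE = """\
$ORIGIN example.net.
$TTL 3600
@           IN  SOA   ns1.example.net. hostmaster.example.net. (
                      2020060501 7200 900 1209600 3600 )
@           IN  NS    ns1.example.net.
ns1         IN  A     192.0.2.53
www         IN  A     192.0.2.80
            IN  AAAA  2001:db8::80     ; blank owner inherits "www"
localhost   IN  A     127.0.0.1        ; the record the report complains about
localhost   IN  AAAA  ::1
loop        IN  CNAME localhost        ; reaches loopback indirectly
mail        IN  A     198.51.100.25
"""


def fqdn(name, origin):
    """Qualify a relative owner or target name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin.lstrip(".")


def parse_zone(zone_text, origin="."):
    """Return (owner, type, rdata) triples.  Handles $ORIGIN, $TTL, comments,
    inherited owners and parenthesised multi-line records (SOA); CNAME targets
    are returned fully qualified so they can be matched against owners."""
    records = []
    owner = origin
    depth = 0  # parenthesis depth, >0 while inside a multi-line record
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth:
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = fqdn(line.split()[1], origin)
            continue
        if line.startswith("$"):  # $TTL, $INCLUDE, ... are irrelevant here
            continue
        tokens = line.split()
        if not raw[0].isspace():  # explicit owner name; otherwise inherited
            owner = fqdn(tokens.pop(0), origin)
        depth += line.count("(") - line.count(")")
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)  # optional TTL and class
        if not tokens:
            continue
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if rtype == "CNAME":
            rdata = fqdn(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def find_loopback_records(zone_text, origin="."):
    """Records that map a name to 127.0.0.0/8 or ::1, directly or via CNAME."""
    records = parse_zone(zone_text, origin)
    hits, loopback_owners = [], set()
    for owner, rtype, rdata in records:
        if rtype in ADDRESS_TYPES:
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue  # malformed rdata is a different problem
            if addr.is_loopback:
                loopback_owners.add(owner)
                hits.append((owner, rtype, rdata))
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and rdata in loopback_owners:
            hits.append((owner, rtype, rdata))
    return hits


if __name__ == "__main__":
    for owner, rtype, rdata in find_loopback_records(SAMPLE_ZONE):
        print(f"remove from zone: {owner} {rtype} {rdata}")
```

    Against a live server the one-off equivalent is `dig +short localhost.<zone> A` and `dig +short localhost.<zone> AAAA`: any loopback answer means the record is still served. The fix is the one Ondrej gives, delete the record (and any CNAME pointing at it) from the zone file and reload; there is nothing to patch in the name server itself.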
  • From Michael De Roover@isc@nixmagic.com to bind-users on Sat Jun 6 04:55:26 2020
    From Newsgroup: comp.protocols.dns.bind

    Wholeheartedly agreed. Not to mention that it's extremely rude to demand fame/money like that. These are not security researchers, they're skids.

    (Please disregard the previous email, pressed the wrong reply button and realized it too late..)

    On 6/5/20 11:53 AM, Ondřej Surý wrote:
    The localhost.<foo> is not a scam, but the

    "I found this on HackerOne and I now want money" is a scam.

    Remove the localhost entry from the zone, but you should not pay money
    for issues that can be produced by automated scanners.

    HackerOne is doing everyone a disservice by paying nonsensical amounts of money[*] for small issues like this. They (and other wealthy companies) should be paying money only for original security research and not this nonsense.

    * $100 is a helluva money in some economies...

    Ondrej
    --
    Ondřej Surý
    ondrej@isc.org
    --
    Met vriendelijke groet / Best regards,
    Michael De Roover
  • From @lbutlr@kremels@kreme.com to bind-users on Sat Jun 6 21:03:08 2020
    From Newsgroup: comp.protocols.dns.bind

    On 05 Jun 2020, at 04:10, Jukka Pakkanen <jukka.pakkanen@qnet.fi> wrote:
    Thanks for the info, I had missed this one, and actually we have that minor misconfiguration too. We have had it since 1995 when we started our nameservers and never noticed…
    If it makes you feel better, it wasn't an error in 1995.
    I remember removing the last of the localhost pointers in my DNS setup less than 20 years ago. Perhaps a lot less? More than 8 years ago for sure.
    I do not remember for sure why it was recommended in the first place (I think it was to reduce load on the DNS), nor why it stopped being recommended; probably some attack vector?
    --
    Do not meddle in the affairs of Dragons for you are crunchy and taste
    good with ketchup