Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
4 résultats taggé expired  ✕
Preventing Domain Resurrection Attacks https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/
20/08/2025 11:11:51
QRCode
archive.org
thumbnail

blog.pypi.org - The Python Package Index Blog - PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets.

These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.

Since early June 2025, PyPI has unverified over 1,800 email addresses when their associated domains entered expiration phases. This isn't a perfect solution, but it closes off a significant attack vector where the majority of interactions would appear completely legitimate.

Background
PyPI user accounts are linked to email addresses. Email addresses are tied to domain names; domain names can expire if unpaid, and someone else can purchase them.

During PyPI account registration, users are required to verify their email addresses by clicking a link sent to the email address provided during registration. This verification ensures the address is valid and accessible to the user, and may be used to send important account-related information, such as password reset requests, or for PyPI Admins to use to contact the user.

PyPI considers the account holder's initially verified email address a strong indicator of account ownership. Coupled with a form of Two-Factor Authentication (2FA), this helps to further secure the account.

Once expired, an attacker could register the expired domain, set up an email server, issue a password reset request, and gain access to accounts associated with that domain name.

Accounts with any activity after January 1 2024 will have 2FA enabled, and an attacker would need to have either the second factor, or perform a full account recovery.

For older accounts prior to the 2FA requirement date, having an email address domain expire could lead to account takeover, which is what we're attempting to prevent, as well as minimize potential exposure if an email domain does expire and change hands, regardless of whether the account has 2FA enabled.

This is not an imaginary attack - this has happened at least once for a PyPI project back in 2022, and other package ecosystems.

TL;DR: If a domain expires, don't consider email addresses associated with it verified any more.

blog.pypi.org EN 2025 PyPI expired domains Resurrection-Attacks
Funding Expires for Key Cyber Vulnerability Database https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/
16/04/2025 09:09:25
QRCode
archive.org

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract…

krebsonsecurity EN 2025 Vulnerability Database MITRE CVE CWE non-profit expired
MITRE warns that funding for critical CVE program expires today https://www.bleepingcomputer.com/news/security/mitre-warns-that-funding-for-critical-cve-program-expires-today/
16/04/2025 09:07:32
QRCode
archive.org
thumbnail

MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry.

bleepingcomputer EN 2025 CVE MITRE USA Warning CWE expired
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains https://inti.io/p/when-privacy-expires-how-i-got-access
22/05/2024 19:41:24
QRCode
archive.org

Cybersecurity has always been transient: what is deemed to be secure today, may be considered easily hackable tomorrow. Domain names in web and e-mail addresses, such as info@inti.io, are leased in time. This means that if nobody thinks of renewing them after they expire, they will be put up for sale. It made me wonder what would happen to the graveyard of cloud accounts attached to the e-mail addresses that once belonged to these expired domains.

inti.io EN 2024 privacy expired domains research
4737 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio