

SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulnerability
May 21, 2025
Researchers are now being encouraged to identify themselves during internet scans for transparency. Unused CNAME records pose a potential risk, allowing attackers to hijack public cloud resources. Additionally, a vulnerability in openpgp.js could enable spoofing of message signatures, raising concerns for encrypted communications. The discussion emphasizes the balance between ethical research practices and cybersecurity challenges in the digital landscape.
AI Snips
Identify Research Scans Properly
- Researchers scanning the internet should identify their scans as originating from a research project following RFC 9511.
- Set up web servers or include URLs in payloads to help targets contact the scanning organization.
Distinguishing Researchers from Attackers
- It is challenging to distinguish between benevolent researchers and attackers posing as researchers.
- Researchers typically avoid harming systems and do not send exploits, but not all behave benevolently.
Eliminate Dangling DNS Records
- Regularly audit and remove unused CNAME DNS records to prevent hijacking vulnerabilities.
- Attackers can take over unused cloud resources linked by dangling CNAMEs, gaining control of your domain.
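
An added example, not from the episode or its notes: one way to run the audit described above over a zone export, flagging CNAMEs that point at cloud resources missing from your inventory or at targets that no longer resolve. The zone lines, the inventory set and the cloud-suffix list are constructed assumptions.

```python
import socket

# Illustrative, non-exhaustive suffixes of claimable public-cloud hostnames (assumption).
CLOUD_SUFFIXES = (".azurewebsites.net", ".cloudapp.azure.com", ".s3.amazonaws.com", ".github.io")

# Constructed sample zone export, "owner TTL IN TYPE rdata" per line.
SAMPLE_ZONE = """\
www      3600 IN CNAME example-prod.azurewebsites.net.
promo    3600 IN CNAME spring-campaign.azurewebsites.net. ; campaign ended
assets   3600 IN CNAME example-assets.s3.amazonaws.com.
mail     3600 IN A     192.0.2.10
docs     3600 IN CNAME docs.internal.example.
"""
# Constructed inventory: cloud hostnames the organization still controls.
OWNED = {"example-prod.azurewebsites.net", "example-assets.s3.amazonaws.com"}

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME record; other record types are skipped."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing zone-file comments
        if "CNAME" in fields[1:-1]:
            yield fields[0].lower(), fields[fields.index("CNAME", 1) + 1].rstrip(".").lower()

def system_resolves(hostname):
    """Live check: True if the name currently resolves to any address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(zone_text, owned, resolves=system_resolves):
    """Return (owner, target, reason) for every CNAME that should be reviewed or removed."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if target.endswith(CLOUD_SUFFIXES) and target not in owned:
            findings.append((owner, target, "cloud target not in inventory"))
        elif not resolves(target):
            findings.append((owner, target, "target does not resolve"))
    return findings

if __name__ == "__main__":
    # Stub resolver keeps the demo offline; omit `resolves` to use live DNS.
    offline = lambda host: not host.endswith(".example")
    for owner, target, reason in audit_cnames(SAMPLE_ZONE, OWNED, resolves=offline):
        print(f"{owner} -> {target}: {reason}")
```

The inventory comparison matters because some provider hostnames resolve whether or not the underlying resource still exists, so a resolution check alone can miss a dangling record.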