Also exposes the vulnerabilities in the automated process of issuing certificates.  If all that it takes is an email address in the registrant's data (which is an email record that is updated or changed periodically through email), then it is not difficult for a benign or malignant security professional to obtain a certificate which would in turn open up a gateway to the registrant's domain.  (I may be wrong)

Sivasubramanian M


Sent by a Verified
Sent by a Verified sender
sender


On Thu, Sep 12, 2024 at 10:25 AM Carlton Samuels via CPWG <cpwg@icann.org> wrote:
Well, it seems all his stars were aligned.....
 
https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/

Carlton
==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround
=============================
_______________________________________________
CPWG mailing list -- cpwg@icann.org
To unsubscribe send an email to cpwg-leave@icann.org

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.