blobjim [he/him] @ blobjim @hexbear.net

Posts

96

Comments

1,367

Joined

5 yr. ago

coinbase sponsorship lmaoooooooooooooooo

a dot gov domain lmaooooooooo

That makes a lot of sense!

I think it can also basically happen with anything where there's a DNS record pointing to something not controlled by the same organization. Basically just make sure you keep your DNS records up to date!

(I also added another sentence or two to my earlier comment)

The comments on the article provide the actual answer to how this is happening. It sounds like there are DNS records that someone at these companies didn't clean up. The vulnerability is a "subdomain takeover"

szileaf Yesterday

As others pointed out, this is subdomain takeover [0]. Maybe add in the article to make it more clear? I got very confused while reading it as to what is going on, because it was not clear if it was a case of servers being hacked, somebody buying abandoned domains (have seen it in some phishing campaigns), subdomain takeover, or sth else.

But the main question is what are they trying to attempt? There do not seem to contain ads, the content is clickbait but bizarre, and I can see no obvious malicious attempt (I could miss sth, maybe steal parent domain's cookies?)

[0] https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers

Found this explanation at https://0xpatrik.com/subdomain-takeover-basics/ to be good:

Subdomain takeover is a process of registering a non-existing domain name to gain control over another domain. The most common scenario of this process follows:

• Domain name (e.g., sub.example.com) uses a CNAME record to another domain (e.g., sub.example.com CNAME anotherdomain.com).
• At some point in time, anotherdomain.com expires and is available for registration by anyone.
• Since the CNAME record is not deleted from example.com DNS zone, anyone who registers anotherdomain.com has full control over sub.example.com until the DNS record is present.

But I guess in general it's basically a company having an old DNS record that is pointing to an IP address (A or AAAA record) or domain name (CNAME record) that they no longer own.

So kind of stupid mistake to make I think?

But this kind of thing just confirms my feeling that the web and a lot of internet infrastructure is just too complex, easy to screw up, and built upon insecure technology.

If I was personally building some kind of internet service, I'd want to just provide a static IP address (so no DNS required) and use a very specific subset of the TLS protocol for security, version 1.3 only, specific ciphers only, specific X509 certificate features only.

I pity people who have to maintain web infrastructure and have to consider the intersection of all these different protocols and security problems. Would drive me crazy.

More critically, China’s petrochemical infrastructure was built with exactly this kind of supply disruption in mind. The country’s newest crackers utilize flexible furnace technology—particularly Linde’s PyroCrack systems—which can switch between gas feeds (e.g., ethane) and liquid feeds (e.g., naphtha). This is not theoretical capability; it is engineered resilience designed to handle, among other things, geopolitical volatility.

Juche-style engineering (it's actually designed/built by a UK company though).

I wish Chinese companies would contribute more to open-source software but it's understandable they'd want to build stuff that works well for Chinese people and is designed by and maintained by Chinese people. Most big open-source projects I know of are based in the US or Europe (Germany).

Could have been a part that was unmaintained or something. I wouldn't cry wolf before the dust has settled.

NYT headline:

Boeing’s 787 Dreamliner Raised Safety Concerns but Had Never Crashed Before

There are more than 1,100 of the jets in service today. Air India flies nearly three dozen of them.

https://www.nytimes.com/2025/06/12/business/india-plane-crash-boeing-787-dreamliner-safety.html

Of course I will say that everyone knows Boeing's quality has gone down since the merge with McDonnell Douglas in 1997. But that was 28 years ago...

It does certainly seem like the rate of plane crashes and shoot-downs has been increasing a lot recently.

Another reason to build more trains (which can of course have catastrophic crashes as well, and they also travel a lot slower, and there's currently a lot fewer of them).

Made in a time of purity, before it could be drowned in the voices of robots.

Simply sink the entire Russian black sea fleet

moving up in the world

Is this what we're getting instead of the military parade

There is US military stuff that is mostly built in the US. That's the one industry they've tried to keep in the US. And that probably includes infrastructure like Intel's chip fabs.

They're turning the US government into B2B SaaS.

Of course probably all this will be used to do is cheat poor people, black people, latinos, etc.

The transparency effect is definitely optional. They've always had accessibility settings for transparency related stuff.

it's still illegal to send them to NK from the US because of sanctions and stuff.

What I mean is why send them to North Korea from the US when you could just have a Chinese person in China send them? I think there are probably built-to-task devices that the guy was sending. Which I guess were just freely purchasable in the US? Unless the dude had some special access to buy stuff?

The rate of Deutschland über alles moments in the US is increasing rapidly.

Can't anyone anywhere basically buy one of those? I would assume it would have to be something that is export-controlled? It also says handheld, which makes it sound more like a standalone device, but who knows.

The HackRF One product page shows a Chinese seller, as well as ones from Singapore, Poland, Japan, etc. https://greatscottgadgets.com/hackrf/one/#purchasing

Is that why their website is occasionally returning error pages for some things https://www.unfi.com/cleaning-product-disclosure.html

I wonder if that could be wealthy Chinese people wanting an artifact for their private collections?

this article basically claims that https://www.gq.com/story/the-great-chinese-art-heist

What is this "Futurism" website? All the headlines have this extremely combative kind of headline. The parent company website is the most soulless thing I've ever seen. Look at this crap: https://recurrent.io/what-we-do/

The article says the unemployment rate for software is 6.1% compared to 4.1% in the US in general. Considering a bunch of companies have just done massive layoffs in the last few months and years, is that really something that won't go back to normal in the longer term?