How $20 and a lapsed domain allowed security pros to undermine internet integrity While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol. During that effort, they found, or so they claim, a way to undermine certificate authorities, which the world trusts to keep the internet safe by verifying the identity …
I would bet a round of drinks that every El Reg reader has been involved in a project where if you can show the new 'current state' matches the desired end state then this has been treated as the project being complete. Never mind all those old bit of hardware/software, they will all fall away soon enough once people go through a hardware refresh because who would not update their pointers to the super new ones?
I would also suspect that a number of you have spent months trying to close out old domains etc where the person who 'owned' them within the company left multiple years ago and nobody since has had the courage to kill them off since 'someone may still be using them'. I know that all the change management processes I have suffered require positive approval from an owner and rarely can cope if said owner is no longer available.
If there is a service that is used once or twice a year, but is collecting and crunching data every day, then one day you have important angry person (that you never heard of) coming why they cannot log in to do their end of year reports, where is the data?
Now it is a pickle, how to generate months' worth of data if other services only keep aggregate numbers.
There is, of course, an XKCD for this (loosely): Dependency.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
