German ministry renames itself, domain expires, is bought by SEO-spammer, expires again, is bought by domain grabber, then later bought by itsec company who now learns that apparently plenty of internal systems of the ministry still try to connect to the domain...
I don't even know where to start with how terrible that is and what it tells us about government IT security practices...
https://mint-secure.de/bundesdomain-im-blindflug-dns-leaks-und-ein-jahrzehnt-it-nachlaessigkeit/
@TimPhSchaefers good work!
Federal domain flying blind: DNS leaks and a decade of IT negligence

The article shows how the forgotten federal domain bafl.de is still being used by government systems, and how DNS logs were analysed.

Mint Secure
I do wonder whether @TimPhSchaefers plans to transfer the domain back to them or keep it. I guess the latter would be safer for them.
Otherwise we may have an update to that story again in 10 years that they lost it again or something...
[39c3] Lost domains, open doors - what old government domains reveal

In the course of the investigation, not only misconfigurations came to light but also phenomena such as bitsquatting and typosquatting within the administration's networks. By operating a DNS server and acquiring bund.ee (close typosquatting/bitsqu...

39c3

@gregr @hanno
Thank you. There will be an English translation of the CCC talk I guess.

Heise has a news article in English about our case: https://www.heise.de/en/news/Digital-Trust-in-Danger-When-Authorities-Forget-Their-Old-Domains-11111066.html

Digital Trust in Danger: When Authorities Forget Their Old Domains

Abandoned government web addresses enable disinformation and fraud. The federal government lacks uniform rules and transparency.

heise online