Connect with us

Hi, what are you looking for?

Business

Looking for the daily news? Be careful you don’t stumble to an adult site instead

Here’s an example of why visibility into an organization’s connected third-party digital infrastructure is so important.

A man shopping online. Image by Tim Sandle
A man shopping online. Image by Tim Sandle

While the pandemic has helped to drive changes, and often improvements, to digital infrastructure, the sheer size of the Internet and its every growing history leaves many legacy systems in place. The presence of these can cause issues, and sometimes these are quite embarrassing.

Various news sites including the Washington Post and New York Magazine has ended up linking to pornographic sites. This is due to the domain takeover of a defunct video site.

The issue happened because a porn site called 5 Star Porn HD bought the domain for Vidme, which was a brief YouTube competitor founded in 2014 and shut in 2017. Its Twitter account is still up, however the domain lapsed, according to Vice Magazine.

Looking at the issue for Digital Journal is Nadav Levy, who is the product manager of external attack surface security provider Cyberpion.

According to Levy, the connection to inappropriate sites presents: “A classic example of why basic visibility into an organization’s connected third-party digital infrastructure is so important.”

With the specific case, Levy says: “In this case, the WHOIS records indicate the domain was abundant over 4 years ago which is more than enough time for the news sites to pick up on this redundant external iFrame inclusion that leads to a domain that’s available for purchase.”

He describes this as “A critical vulnerability”, and in terms of the risk when the issue is “combined with the fact the domain could end up in the wrong hands, can easily lead to a major ongoing security event or in this case we’re seeing, abuse of, and embarrassment for a company’s brand.”

However, the issue can be avoided in the future, Levy says. He states: “To prevent this type of activity, CISOs must simply start to take stock of their inventory – map and classify their assets as well as their external connections which are equally important.”

Following this, Levy says: “Once that base is covered, they should automatically scan for connected external assets that are either inactive, without a valid certificate or present error messages and if possible, go one step further and classify these external third-party assets.”

He concludes his assessment, noting: “It’s important to keep in mind that not all connections are created equal… it’s not just the WHO but also the HOW you’re connected.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Image: © AFPAddiction specialists have classified cryptocurrency addiction as a type of day-trading addiction, which has strong parallels to other forms of gambling addiction....

World

Polish firefighters said Tuesday they had recovered 100 tonnes of dead fish from the Oder river running through Germany and Poland.

Business

A solid rebound in American manufacturing, especially vehicles, following two months of declines.

Business

Elon Musk tweeted Tuesday evening that he is purchasing the Manchester United football club.