"In a GitHub ticket viewed by WIRED, Lavingia also suggested abandoning Drupal, a content management system (CMS) that the VA uses for publishing updates and information about the agency and the services it provides on VA facility websites. “I think we should consider removing Drupal as part of our workflow, and all content should just live in the codebase,” he wrote."
Not only that, but my filtered DNS is resolving it to a page saying (if I proceed through the certificate mismatch) it "blocked access to baways.com because it’s in our database of phishing and malicious domains"
The first comment over there has a tool for checking, and this baways is still blocked by one popular service, but no longer blocked by mine according to the tool and my own experience. I guess the author proved new ownership to the maintainers of most lists over the last few hours.
> "blocked access to baways.com because it’s in our database of phishing and malicious domains"
Which amusingly (but not for you, since you can't see it) is one of the main topics in the article, that the security breach used that domain to exfiltrate the data to. And I'd guess that's why the company chose to buy up the domain to host this blog/ad on...
Would it be best practice for filter list maintainers to purge on expiration, though? Bad actors would be able to take advantage of that. Until there's a standard around this, maybe blacklisted domains should just remain unused.
If there is a domain that could be useful as a phishing site (a domain the original company allowed to expire, one that just looks right enough, etc) but is on the common blacklists, isn't that useful. If it dropped of the blacklists when registration expired then another nefarious type (or the same nefarious person if they are lucky) could re-register it and use it as a freshly useful phishing location until it once again got on the lists.
Though given how carefully people often don't check domains, or in some cases how easily they are hidden, which is why many phishing attacks work, this might not make a big difference overall.
For "just right", the domain also has to look more "just right" than the many unregistered names that are very close. And an aggressive filter trying to block on that basis should be doing it preemptively and not very much based on domain history.
A domain that used to be tied to the company has different considerations, but ideally it would also be blocked based on ownership changes and not wait for content.
They purposely purchased a tainted domain, seems a bit disingenuous to a) claim sec expertise and then b) complain that a previously maliciously used DNS name is blacklisted which c) is a spelling variant of a well known large corp and d) which you are hosting deceptive ad content on. And it is deceptive because unlike the title suggests there is no "challenge" mentioned in the article yet the wording strongly suggest some sort of rewarded hackathon.
If you buy a previous well own scam URL, cry me a river about being blacklisted. If you get the cheapest IPv4 don't come complaining that all you email gets classified as spam. _Especially_ if you claim to be an expert.
Are we talking about when it had malicious contents for a couple weeks in 2018? Come on, that's not tainted in 2024 by any reasonable metric.
> is a spelling variant of a well known large corp
It's talking about the large corp, and isn't even close to their real URL. And there's a lot of ways you could interpret "baways", including connections to the company called Baway and the unrelated stock ticker BAWAY. So I see what you're saying but I don't think it's a big deal.
> complain that a previously maliciously used DNS name is blacklisted
I don't see them complaining?
> And it is deceptive because unlike the title suggests there is no "challenge" mentioned in the article yet the wording strongly suggest some sort of rewarded hackathon.
That's the submitter's fault for using the subtitle instead of the title.
Yeah the pronouns throughout the a/b/c/d thing are confusing the heck out of me. I originally thought it was all about you (claiming expertise), then I considered perhaps me (complaining), and then perhaps the author of TFA (hosting). It could even be that the 3rd person "they" leading into a/b/c/d and the 2nd person "you" within item d are the same entity, which would be very strange grammar, but I really have no idea other than I was the only one complaining about (but also defending) filtering from what I can tell. Names, please!
