Source URL: https://it.slashdot.org/story/25/01/22/1851200/mastercard-dns-error-went-unnoticed-for-years?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Mastercard DNS Error Went Unnoticed for Years
Feedly Summary:
AI Summary and Description: Yes
Summary: A security researcher uncovered a five-year-long critical DNS misconfiguration in Mastercard’s systems that created significant security risks. The incident highlights the vulnerabilities in domain configurations which are vital to maintain robust information security practices.
Detailed Description:
This incident underscores the importance of vigilant security assessments and the potential for seemingly minor misconfigurations to lead to major vulnerabilities:
– **Discovery of Misconfiguration**: The misconfiguration involved one of Mastercard’s five DNS servers pointing to an incorrect address (“akam.ne”) instead of the correct one (“akam.net”).
– **Persistence and Risk**: This error went unnoticed from June 2020 to January 2025, indicating a significant lapse in security monitoring and the potential for unauthorized traffic interception.
– **Preventative Action**: Philippe Caturegli, the researcher who found the mistake, took proactive measures by registering the incorrect domain for $300 through Niger’s domain authority to block potential exploitation.
– **Mastercard’s Response**: Following the discovery, Mastercard corrected the error and stated that there was “not a risk to our systems,” although the potential for exploitation suggests there may have been unassessed risks.
This case serves as a critical reminder for organizations regarding the importance of diligent monitoring and maintenance of DNS configurations as part of their overall information security strategy. It illustrates both human error and systemic weaknesses that can lead to significant vulnerabilities and the necessity for robust security practices in safeguarding sensitive financial information.