Hello, welcome to the Monday, February 1st, 2021 edition of the Santernate Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Let's start out today with a quick lesson on domain registrar security.

We have two different events here that sort of fit

that pattern in different ways. First of all, pearl.perl.com, the domain, apparently the register

account for the people behind, pearl.com was compromised, and as a result, pearl.com was compromised and as a result pearl.com was redirected to a parking

page and then ultimately offered for sale. This is still ongoing last I checked it just

returned an empty page so maybe the good folks behind Pearl are getting control back slowly.

But this can be a lengthy and very disruptive process.

Only good part here, the actual domain that is used for a lot of the Pearl tools and such

is Pearl.org, not dot com. So a Pearl

downloads and such should not really be affected by this, but shows somewhat that probably

they didn't do as well as they should in maintaining their credentials. The second domain is spamcop.net.

That domain is now operated by Cisco,

and of course a lot of spam filters are relying on updates

from spamcop.net.

Problem here was not a hijack of the domain, but instead Cisco just forgot to renew the domain,

so it expired and then was briefly not reachable over the weekend until someone at Cisco got their

credit card out and re-registered the domain. Typically, when you forget to

renew a domain, there is sort of a grace period, so it's not necessarily easy for an attacker

to quickly take over the domain, but nevertheless, of course, name resolution for your domain tends to cease.

...