Hello, welcome to the Tuesday, July 11th, 2017 edition of the Sands and Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Stockholm, Germany.

The dot-io top-level domain is often used for some of the more tech-savvy kind of webpages,

but nevertheless, apparently a few days ago,

the entire dot-io domain was ripe for a takeover given that the registrar responsible for dotio

did not renew some domain names that are used for name servers for this top level domain.

Matthew Prynd, who has made a name for himself in finding these kind of issues, realized that

NS-A1.I.O, NS-A-2 through a3.io, were available to be registered, and these domains are used for.

Dot-I.O. Name servers. So he went ahead and actually verified that his systems did receive queries for dotio domains.

He did not answer them, so all he did essentially was verify whether or not the vulnerability was real.

Kind of to add to this problem, he tried to notify the dotio registrar, but turned out that the address,

the contact email address that was published within Who is, was not valid.

Now based on his write-up, it looks like it took about a day for the dotio folks to realize

what happened and his registrations of course

were promptly revoked by his registrar. They essentially just told him there was an error

that these domains were available for registrations and they have it fixed now. As I mentioned, this isn't the first time that Matthew has run into this issue with major domains.

In the past, he has found a couple country level domains such that were affected by this.

I think dot I.O is probably the largest such domain that he has had this issue with for now.

Of course, this happens very often with corporate domains, so make sure you have control

over your name server records and the domains associated with your name servers.

And Malwarebytes came out with its quarterly Malware report.

Now, I don't usually cover every single report that the vendor comes up with.

...