Comments on: Google and Wildcard Domains http://www.gnucitizen.org/blog/google-and-wildcard-domains/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: jtyrrell http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122878 jtyrrell Mon, 07 Jul 2008 12:31:30 +0000 http://www.gnucitizen.org/?p=877#comment-122878 Right, but Google doesn't have to respond to that hostname. Through HTTP, they could choose to give you a 404 error, as I'm sure they do. Right, but Google doesn’t have to respond to that hostname. Through HTTP, they could choose to give you a 404 error, as I’m sure they do.

]]> By: Albert http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122867 Albert Sun, 06 Jul 2008 17:49:01 +0000 http://www.gnucitizen.org/?p=877#comment-122867 Pdp means that if *.acme.com points to Blogspot, you can go to Blogspot and occupy blog.acme.com. The wildcard is entered in the DNS, and not at Blogspot. Pdp means that if *.acme.com points to Blogspot, you can go to Blogspot and occupy blog.acme.com. The wildcard is entered in the DNS, and not at Blogspot.

]]> By: sirdarckcat http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122752 sirdarckcat Mon, 30 Jun 2008 16:52:52 +0000 http://www.gnucitizen.org/?p=877#comment-122752 jtyrrell is right, http://help.blogger.com/bin/answer.py?answer=55373 I Notes they say: You can use this feature with domains (e.g. mysite.com) or subdomains (e.g. name.mysite.com). However, you cannot specify subdirectories (e.g. mysite.com/blog/) or wildcards (e.g. *.mysite.com). Greetz!! jtyrrell is right, http://help.blogger.com/bin/answer.py?answer=55373

I Notes they say:

You can use this feature with domains (e.g. mysite.com) or subdomains (e.g. name.mysite.com). However, you cannot specify subdirectories (e.g. mysite.com/blog/) or wildcards (e.g. *.mysite.com).

Greetz!!

]]> By: jtyrrell http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122659 jtyrrell Tue, 24 Jun 2008 00:21:52 +0000 http://www.gnucitizen.org/?p=877#comment-122659 I haven't used Blogspot, but from the services I've seen, you must first tell Google the value of the CNAME before creating the record. If you enter a wildcard into that field, it tells you that *'s aren't allowed. This is so that ghs.google.com can respond to an HTTP query properly according to the Host: header that the client sends. If an unknown Host is submitted, Google simply sends back a 404 error. So you're saying this really isn't the case with Blogspot? Oversight indeed.... I haven’t used Blogspot, but from the services I’ve seen, you must first tell Google the value of the CNAME before creating the record. If you enter a wildcard into that field, it tells you that *’s aren’t allowed.

This is so that ghs.google.com can respond to an HTTP query properly according to the Host: header that the client sends. If an unknown Host is submitted, Google simply sends back a 404 error.

So you’re saying this really isn’t the case with Blogspot? Oversight indeed….

]]> By: NurBo http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122658 NurBo Tue, 24 Jun 2008 00:16:10 +0000 http://www.gnucitizen.org/?p=877#comment-122658 This isn't anything knew Ive seen tricks done to get access to a domain gmail account. Such as @whatever.com you just trick your way into verifying and now you have the a email address with somebodys domain you can do alot of things with just a bit of that. And the image is cool in my book. This isn’t anything knew Ive seen tricks done to get access to a domain gmail account. Such as @whatever.com you just trick your way into verifying and now you have the a email address with somebodys domain you can do alot of things with just a bit of that. And the image is cool in my book.

]]> By: kuza55 http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122648 kuza55 Mon, 23 Jun 2008 12:22:11 +0000 http://www.gnucitizen.org/?p=877#comment-122648 I'm of the opinion that wildcards are simple a bad idea for security in general, and pointing them at IP addresses you don't control is just plain stupid. So have you seriously seen an administrator who thinks it's a good idea to let someone control subdomains that are under their DNS? The ghs.google.com domain doesn't seem to suffer this problem, however if you were to point the wildcard at a working domain then you are also trusting that that domain does not have xss holes. I’m of the opinion that wildcards are simple a bad idea for security in general, and pointing them at IP addresses you don’t control is just plain stupid.

So have you seriously seen an administrator who thinks it’s a good idea to let someone control subdomains that are under their DNS?

The ghs.google.com domain doesn’t seem to suffer this problem, however if you were to point the wildcard at a working domain then you are also trusting that that domain does not have xss holes.

]]> By: Liquidmatrix Security Digest » Security Briefing: June 23rd http://www.gnucitizen.org/blog/google-and-wildcard-domains/comment-page-1/#comment-122647 Liquidmatrix Security Digest » Security Briefing: June 23rd Mon, 23 Jun 2008 10:35:25 +0000 http://www.gnucitizen.org/?p=877#comment-122647 [...] Google and Wildcard Domains | GNUCITIZEN [...] [...] Google and Wildcard Domains | GNUCITIZEN [...]

]]>