Backdoor Security Risk: Abandoned Sub-Domains

IDG News Service writer Lucian Constantin looks at a potentially serious risk from abandoned sub-domains, a risk that was recently researched by Detectify, a Stockholm-based provider of website security. One example cited in the study was a company establishing a sub-domain for a ticketing service, then at some point closing the account but neglecting to delete the sub-domain. That’s an opening for a takeover, with nefarious results that begin with setting up a fake website. It’s unclear how often the vulnerability has been exploited, but the possibility is there: It was found in government agencies, health services providers, insurance companies and banks.