Secure Science Blog

1 of 10 Fortune 1000's Vulnerable

Nowadays it seems like old-school insecurities like the phf exploit and public DNS Zone Transfers are a thing of the past. When asked about Zone transfers, many security researches admitted to not checking for them any more, waiving them off as a waste of time.

However, this is not always the case. Recent research into the matter by Secure Science's External Threat Assessment Team (ETAT) revealed that 10% of systems polled still allow unauthenticated zone transfers.

Case in point, examine the top 100 companies listed in the Fortune 1000 list. While most of these name servers did not transfer zones to the public, one out of every 10 servers offered gory details. Companies as large as Chevron, Costco, and Sears, all open their kimono to anyone who dares ask.

The 10 companies that allowed zone transfers:

Chevron
Berkshire Hathaway
Valero
Costco
Sears
Medco
Caremark
Alcoa
federated-fds.com
Merck

Interestingly, the majority of these vulnerable companies have their DNS services hosted off-site by AT&T. The following AT&T Servers have been known to spill their guts:

cbru.br.ns.els-gms.att.net
dbru.br.ns.els-gms.att.net
dmtu.mt.ns.els-gms.att.net

Who Cares?

Everyone should. In the wrong hands, a zone transfer can provide insight into the network topology of a victim's infrastructure. Such information can allow attackers further vectors for attack in order to penetrate the computer systems of the worlds largest corporations.