Domain Hijacking Via Logic Error - Gandi and Route 53 Vulnerability

On 12 February 2021, Cyberis identified a weakness in Gandi's domain transfer processes that allowed any Nominet registry domain (including and domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain. Exploitation of this weakness did not result in the registrant details being modified in the Nominet registry, but once an adversary has taken control of a domain, they are likely to be able to satisfy the checks in place that wo

Serverless Architectures, Penetration Testing and Authority

Outsourcing infrastructure to cloud service providers has fundamentally changed the face of information technology and corporate architectures in the last decade or so.  

Flexible, fast-paced development.  Rapid deployment.  Scalability.  Resilience. Minimisation of in-house hosted infrastructure. The growth of microservices and mobile technologies.