top | item 22815235

(no title)

The presence of this subdomain does not necessarily prove what exactly _was_ behind this subdomain, but SecurityTrails shows that it did in fact exist during the period when Zoom has misconfigured their network and allowed their DNS records to leak from their internal network.

It additionally appears that there are many other obscene domain names that had leaked out, including f*ckmenumb.athena.ipa.zoom.us [1].

The issue of course is that to my knowledge there are no other historical DNS databases that corroborate the existence of this subdomain, it seems only SecurityTrails has this record.

Two additional notes:

1) The fact that calls are not E2E on Zoom makes the presence of this dashboard entirely possible from a purely technical standpoint. 2) Alex Stamos has been hired by Zoom, which I find interesting timing-wise..., perhaps I am missing context.

[1] https://twitter.com/TwelveSecurity/status/124714209506588672... [2] https://twitter.com/zoom_us/status/1247862458187841537

discuss

No comments yet.