This story is still breaking, but early indications are that: 1. An attacker at AS10297 (or a customer thereof) announced several more specific subsets of some Amazon DNS infrastructure prefixes:
205.251.192-.195.0/24 205.251.197.0/24 205.251.199.0/24 2. It appears that AS10297 via peering arrangement with Google got Google's infrastructure to buy (accept) the hijacked advertisements. 3. It has been suggested that at least one of the any cast 8.8.8.8 resolvers performed resolutions of some zones via the hijacked targets. It seems prudent for CAs to look into this deeper and scrutinize any domain validations reliant in DNS from any of those ranges this morning. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
