Researchers Identify "Zombie Linkages" in Expired Domains
Researchers have identified "zombie linkages" in expired domains, where systems continue to trust original owners long after they have lost control of the domain.
Researchers from USC and the University of Twente have identified a security risk they term "zombie linkages" affecting expired domains. These linkages occur when systems continue to trust an original domain owner even after the domain has expired, been transferred, or returned to the market [Help Net Security].
The study examined three widely used systems: Web PKI, Maven Central, and Ethereum Name Service. In these environments, lingering trust records can remain active long after the original owner has lost control of the domain, potentially allowing attackers to hijack these trust relationships for malicious purposes.
This phenomenon highlights a significant, often overlooked aspect of supply chain and infrastructure security. Organizations need to be aware that simply relying on domain-based trust is insufficient if the underlying lifecycle management of those domains does not account for the potential of these persistent, unauthorized linkages [Help Net Security].