dns

MasterCard fixed a major domain name server error that allowed potential interception of its Internet traffic due to a typo that went unnoticed for nearly five years. A security researcher, Philippe Caturegli, registered the misspelled domain for $300 to prevent exploitation. Although MasterCard asserted there was no real threat, Caturegli argued that the misconfiguration posed significant risks, potentially enabling Man-in-the-Middle attacks. After notifying MasterCard, he faced backlash for publicly disclosing the error, suggesting a need for better corporate acknowledgment of security vulnerabilities.

https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/