
IMO, this is user error. GitLab adding validation on their side at app level is a nice-to-have feature for sure. Ultimately though, keep your DNS records up to date! If you stop using a service, stop pointing your records to it, simple. If you point any record to a service that matches based on CNAME, A or some other arbitrary value, expect squatting/"hijacking" to occur if you delete your reservation of that name.
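The hygiene check the comment above argues for, as an added example that is not part of the thread or of GitLab's code: it walks a zone export and lists names that still end at a hosting service where the name is no longer reserved. The service hostname, IP, zone contents and claim list are constructed placeholders, and the sketch assumes one record per name.

```python
# Added example; every name and IP below is a constructed placeholder.
SERVICE_HOSTS = {"pages.hosting.example."}  # assumed CNAME target of the service
SERVICE_IPS = {"192.0.2.10"}                # assumed A-record target of the service
ZONE = [  # constructed zone export: (owner, type, value)
    ("www.corp.example.", "CNAME", "pages.hosting.example."),
    ("docs.corp.example.", "CNAME", "docs-alias.corp.example."),
    ("docs-alias.corp.example.", "CNAME", "pages.hosting.example."),
    ("old.corp.example.", "A", "192.0.2.10"),
    ("mail.corp.example.", "A", "198.51.100.7"),
    ("loop-a.corp.example.", "CNAME", "loop-b.corp.example."),
    ("loop-b.corp.example.", "CNAME", "loop-a.corp.example."),
]
ACTIVE_CLAIMS = {"www.corp.example."}  # constructed: names still reserved on the service

def norm(name):
    """Lower-case and fully qualify a name so comparisons are exact."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def terminal_target(name, index, max_hops=8):
    """Follow in-zone CNAMEs; return (type, value), or None on a loop/long chain."""
    seen = set()
    while name in index and len(seen) < max_hops:
        if name in seen:
            return None
        seen.add(name)
        rtype, value = index[name]
        if rtype != "CNAME":
            return rtype, value
        name = value
    return ("CNAME", name) if name not in index else None

def find_dangling(zone, claims):
    """Names that end at the service but are not reserved there any more."""
    index = {norm(n): (t, norm(v) if t == "CNAME" else v) for n, t, v in zone}
    claimed = {norm(c) for c in claims}
    dangling = []
    for name in index:
        target = terminal_target(name, index)
        if target is None:
            continue  # CNAME loop or over-long chain: cannot be resolved, skip
        rtype, value = target
        at_service = (rtype == "CNAME" and value in SERVICE_HOSTS) or \
                     (rtype == "A" and value in SERVICE_IPS)
        if at_service and name not in claimed:
            dangling.append(name)
    return sorted(dangling)
```

Each name returned by `find_dangling(ZONE, ACTIVE_CLAIMS)` is a record to delete or re-reserve; intermediate aliases are reported as well, since they also resolve to the service.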


I am the security researcher that reported this issue to GitLab. There is more to the issue than is described in GitLab's security advisory, and it was definitely a design flaw on GitLab's part. Hopefully, more details will be published soon.



