Subdomain security is substandard, say security researchers

Admins tend to forget that subdomains don’t inherit security controls, leaving the likes of CNN, Harvard, Cisco, and US health authorities with vulnerabilities
Abandoned or ignored subdomains often include overlooked vulnerabilities that leave organisations open to attack, according to a team of infosec researchers from the Vienna University of Technology and the Ca’ Foscari University of Venice. The team’s work will be presented at the 30th USENIX Security Symposium this August.…