this post was submitted on 12 Jun 2025
54 points (100.0% liked)

news

24104 readers
806 users here now

Welcome to c/news! Please read the Hexbear Code of Conduct and remember... we're all comrades here.

Rules:

-- PLEASE KEEP POST TITLES INFORMATIVE --

-- Overly editorialized titles, particularly if they link to opinion pieces, may get your post removed. --

-- All posts must include a link to their source. Screenshots are fine IF you include the link in the post body. --

-- If you are citing a twitter post as news please include not just the twitter.com in your links but also nitter.net (or another Nitter instance). There is also a Firefox extension that can redirect Twitter links to a Nitter instance: https://addons.mozilla.org/en-US/firefox/addon/libredirect/ or archive them as you would any other reactionary source using e.g. https://archive.today/ . Twitter screenshots still need to be sourced or they will be removed --

-- Mass tagging comm moderators across multiple posts like a broken markov chain bot will result in a comm ban--

-- Repeated consecutive posting of reactionary sources, fake news, misleading / outdated news, false alarms over ghoul deaths, and/or shitposts will result in a comm ban.--

-- Neglecting to use content warnings or NSFW when dealing with disturbing content will be removed until in compliance. Users who are consecutively reported due to failing to use content warnings or NSFW tags when commenting on or posting disturbing content will result in the user being banned. --

-- Using April 1st as an excuse to post fake headlines, like the resurrection of Kissinger while he is still fortunately dead, will result in the poster being thrown in the gamer gulag and be sentenced to play and beat trashy mobile games like 'Raid: Shadow Legends' in order to be rehabilitated back into general society. --

founded 4 years ago
MODERATORS
Alaskaball@hexbear.net
ZoomeristLeninist@hexbear.net
carpoftruth@hexbear.net
Breath_Of_The_Snake@hexbear.net
context@hexbear.net
Infamousblt@hexbear.net
FALGSConaut@hexbear.net
54
Domains owned by Nvidia, Stanford, NPR, and the U.S. government are hosting pages full of AI slop (www.404media.co)
submitted 3 days ago by thirstyskyline@hexbear.net to c/news@hexbear.net
5 comments fedilink hide all child comments
 

On a site seemingly abandoned by Nvidia for events, called events.nsv.nvidia.com, a spam marketing operation moved in and posted more than 62,000 AI-generated articles, many of them full of incorrect or incomplete information on popularly-searched topics, like salon or restaurant recommendations and video game roundups.

On the vaccines.gov domain, topics for spam blogs include “Gay Impregnation,” “Gay Firry[sic] Porn,” and “Planes in Top Gun.”

you are viewing a single comment's thread
view the rest of the comments
[–] blobjim@hexbear.net 10 points 2 days ago* (last edited 2 days ago) (2 children)

The comments on the article provide the actual answer to how this is happening. It sounds like there are DNS records that someone at these companies didn't clean up. The vulnerability is a "subdomain takeover"

szileaf Yesterday

As others pointed out, this is subdomain takeover [0]. Maybe add in the article to make it more clear? I got very confused while reading it as to what is going on, because it was not clear if it was a case of servers being hacked, somebody buying abandoned domains (have seen it in some phishing campaigns), subdomain takeover, or sth else.

But the main question is what are they trying to attempt? There do not seem to contain ads, the content is clickbait but bizarre, and I can see no obvious malicious attempt (I could miss sth, maybe steal parent domain's cookies?)

[0] https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers

Found this explanation at https://0xpatrik.com/subdomain-takeover-basics/ to be good:

Subdomain takeover is a process of registering a non-existing domain name to gain control over another domain. The most common scenario of this process follows:

  • Domain name (e.g., sub.example.com) uses a CNAME record to another domain (e.g., sub.example.com CNAME anotherdomain.com).
  • At some point in time, anotherdomain.com expires and is available for registration by anyone.
  • Since the CNAME record is not deleted from example.com DNS zone, anyone who registers anotherdomain.com has full control over sub.example.com until the DNS record is present.

But I guess in general it's basically a company having an old DNS record that is pointing to an IP address (A or AAAA record) or domain name (CNAME record) that they no longer own.

So kind of stupid mistake to make I think?

But this kind of thing just confirms my feeling that the web and a lot of internet infrastructure is just too complex, easy to screw up, and built upon insecure technology.

If I was personally building some kind of internet service, I'd want to just provide a static IP address (so no DNS required) and use a very specific subset of the TLS protocol for security, version 1.3 only, specific ciphers only, specific X509 certificate features only.

I pity people who have to maintain web infrastructure and have to consider the intersection of all these different protocols and security problems. Would drive me crazy.

[–] gil2455526 3 points 2 days ago

These takeovers are extremely common in Brazilian city governments websites.

[–] leftAF@hexbear.net 3 points 2 days ago* (last edited 2 days ago) (1 children)

Very bizarre that the article didn't touch on it.

The comment didn't explain it entirely but I figured all these domains pointed to a hosted content management system somewhere. Then that domain either expired or it was CNAMEs the whole way down to some "cloud" providers' default generated DNS (eg nvidia-hosted-cms.azurewebsites.net). Or they all used the same CMS which had an exploit developed for it.

Happened to EA's Steam competitor before: https://www.bleepingcomputer.com/news/security/ea-fixes-origin-game-platform-to-prevent-account-takeovers/

[–] blobjim@hexbear.net 3 points 2 days ago* (last edited 2 days ago)

That makes a lot of sense!

I think it can also basically happen with anything where there's a DNS record pointing to something not controlled by the same organization. Basically just make sure you keep your DNS records up to date!

(I also added another sentence or two to my earlier comment)