We decided to have a web navigation extravaganza this week! Guilherme Venere and Jaeson Schultz from Talos Outreach have both long been researching the ways in which bad actors try to damage users' inherent trust in the internet. Most internet users interact with the web by typing in a URL or domain name into their web browser (i.e., google.com) expecting that will take them to the right place. But attackers have found various ways to mess with that series of handshakes that must take place. Guilherme and Jaeson talk to Jon about their past years of research into typosquatting domains, new TLDs that open up the door to data leaks, DNS manipulation and more.

Additional reading:

• ".Zip" top-level domains draw potential for information leaks
• DNS Hijacking Abuses Trust In Core Internet Service
• Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
• Security implications of misconfigurations
• Domain dumpster diving