Reply to post: And lets not forget ...

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops

SImon Hobson Silver badge

And lets not forget ...

That whoever does hijack a domain like this can also get an SSL cert for it - all that's required for that is to be able to place a file in the site for the cert validator to check to "prove ownership" of the domain. So :

subdomain of microsoft,com - tick

has SSL cert (padlock icon in address bar) - tick

What could possibly go wrong !

TBH, having managed DNS before (but definitely not on such a grand scale), it's a PITA. When a business (customer in our case) wants something there an obvious trigger - register domain for customer, setup DNS. When that need goes away, no-one can be ar*ed telling you about it - so you need to run frequent checks so you can infer when a domain (or subdomain in this case) is no longer needed, and either nuke it, or invoke procedures to check and then nuke it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021