Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Every dot matters SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Every dot matters

Couple of days ago, one of our readers, Lee Dickey, reported a strange behavior of a link on Microsoft's Technet web page with information about SP2 for Vista. At first look, it appeared that a web page hosted by Microsoft was compromised as it redirected the browser to an external web site which was simply some kind of a search engine.

The screenshot of the page is shown below, can you spot the error?

technetmicrosoft.com

That's right – a dot is missing between technet and microsoft.com, so the link actually pointed to technetmicrosoft.com, which is a domain registered by someone in the USA as easily checked with WHOIS.

So what happened here? Nothing malicious – it was simply an error by someone at Microsoft or a typo, however, what should be stressed out is the importance of link validation – if the owner of the technetmicrosoft.com domain was malicious, he could have done some serious damage. Luckily, Lee notified Microsoft as well and this was fixed quickly.

--
Bojan

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Amsterdam October 2020

Bojan

392 Posts
ISC Handler
May 5th 2009

Sign Up for Free or Log In to start participating in the conversation!