Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Every dot matters - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Every dot matters

Couple of days ago, one of our readers, Lee Dickey, reported a strange behavior of a link on Microsoft's Technet web page with information about SP2 for Vista. At first look, it appeared that a web page hosted by Microsoft was compromised as it redirected the browser to an external web site which was simply some kind of a search engine.

The screenshot of the page is shown below, can you spot the error?

technetmicrosoft.com

That's right – a dot is missing between technet and microsoft.com, so the link actually pointed to technetmicrosoft.com, which is a domain registered by someone in the USA as easily checked with WHOIS.

So what happened here? Nothing malicious – it was simply an error by someone at Microsoft or a typo, however, what should be stressed out is the importance of link validation – if the owner of the technetmicrosoft.com domain was malicious, he could have done some serious damage. Luckily, Lee notified Microsoft as well and this was fixed quickly.

--
Bojan

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Riyadh April 2019

Bojan

376 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!