Local Networks Go Global When Domain Names Collide

Credit to Author: BrianKrebs| Date: Fri, 23 Aug 2024 14:12:31 +0000

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem.

Read more

Corp.com is up for sale – check your Active Directory settings!

Credit to Author: Danny Bradbury| Date: Fri, 14 Feb 2020 10:51:44 +0000

An old, dormant domain is going on sale – and the results could be catastrophic for enterprises with common Active Directory misconfigurations.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/eNE2lUuM6GI” height=”1″ width=”1″ alt=””/>

Read more

Dangerous Domain Corp.com Goes Up for Sale

Credit to Author: BrianKrebs| Date: Sat, 08 Feb 2020 17:32:04 +0000

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.

Read more