livebox 39 Posted February 20, 2020 Report Share Posted February 20, 2020 Security researcher and developer at NIC.gp. Michel Gaschet found at Microsoft serious problems managing thousands of his subdomains. According to him, the company's subdomains can be easily hacked by attackers and used in attacks on both its users and employees. Over the past three years, Gasket has repeatedly reported to Microsoft about subdomains with incorrect DNS record configurations, but the company either ignored its messages or “silently” fixed bugs, but not all of them. So, in 2017, the researcher notified of 21 vulnerable subdomains of msn.com, and in 2019, another 142 subdomains of microsoft.com. According to Gasket, the company corrected the configuration of no more than 5-10% of the subdomains that he reported. Until recently, vulnerable subdomains did not cause Microsoft any concern. However, now everything seems to have changed. The researcher identified at least one cybercriminal group hacking Microsoft subdomains in order to publish spam on them. On at least four subdomains, Basket found ads from Indonesian online casinos (portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com). According to the researcher, Microsoft is in no hurry to fix vulnerabilities on its subdomains, since this is not included in the reward payment program for detected vulnerabilities. The problem of hacking subdomains is not part of bug bounty and therefore is not a priority. Source: https://www.securitylab.ru/news/505182.php 2 Quote Link to post Share on other sites
Active Members 0xStrait 72 Posted February 20, 2020 Active Members Report Share Posted February 20, 2020 (edited) Am vazut si eu stirea asta pe Twitter undeva. Nu inteleg de ce o companie gigant cum e Microsoft a inclus o vulnerabilitate de tipul asta ca fiind out of scope. De exemplu Starbucks plateste $2,000 pentru subdomain takeover. Edited February 20, 2020 by 0xStrait Quote Link to post Share on other sites
Nytro 4681 Posted February 20, 2020 Report Share Posted February 20, 2020 Da, insa conteaza foarte multe numele acelor subdomenii. Nu ar trebui sa fie out of scope, insa payout-ul ar trebui sa fie in functie de numele subdomeniului si riscul pe care il aduce. 2 Quote Link to post Share on other sites