Slashdot Mirror
Dell Lost Control of Key Customer Support Domain for a Month in 2017 (krebsonsecurity.com)
Brian Krebs reports: A web site set up by PC maker Dell to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." It's designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name -- DellBackupandRecoveryCloudStorage.com -- which until recently was central to PC maker Dell's customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell's contractor regained control over it.
I've got to wonder if the Internet has caused a *lot* more problems than it's solved.
"I don't know, therefore Aliens" Wafflebox1
I know this isn't possible, but maybe businesses should have a separate domain that they can federate out to contractors. For example, keep dell.com for core stuff, then have a second domain, dellstuff.com that Dell could hand contractors foo.dellstuff.com, bar.dellstuff.com, etc. This way, if bar.dellstuff.com has issues, it is obvious who the contractor is, and there isn't a need to keep adding new domains. This way, if it doesn't come from dell.com or dellstuff.com, it is almost certainly a fake.
Precisely because any idiot can register a domain with dell in the title, but to get an authorised subdomain.dell.com goes through a verification process and is immediately and obviously representative of Dell as a corporation.
This is the exact point, I think, and what you WANT to be doing.
I've gone to great lengths to remove all the old crappy domains that my workplaces insisted on buying up, or using for one-off events, and pushing everything under subdomains. To the point that "drive.domain.com" is actually our Google Drive link (so it automatically knows to sign you in with that domain account rather than your personal GMail, etc.).
Literally any idiot on the planet can register a domain with your name in. Chasing and pre-registering such - unless you hold a trademark that you need to enforce - is almost impossible, and an endless game of new TLDs and tricks (e.g. "fordsucks.com") make it a no-win game.
Buy one domain. Put everything on it. Hell, buy two so you have a backup (e.g. companyname.com, companyname.countrycode) and can quickly tell people "don't use the .com, use the local domain for now until we're back up, as it points to our secondary systems and always has."
But myriad psuedo-related domain names that you forget about while they're running business-critical systems with live user data and the expectation that you'll own them forever is a really stupid idea. And... technically... who owns those domains? Did you register the correct contacts, could you take it over if you wanted? What about the DNS does it actually go to your company's DNS or goes it bounce via yours thus leaving the company in a fragile position should you leave or want to snoop data (e.g. SSL is reliant on DNS being authoritative)? Do those domains have the company SPF fields? Are they included in the main mail domain's SPF record? DKIM? SSL certificate? There are no end of reasons to actively block such adhoc registration in preference to FORCING YOU to jump through the hoops.
"An easy life" and "security" are often polar opposites.