Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dell Lost Control of Key Customer Support Domain for a Month in 2017 (krebsonsecurity.com)

Posted by msmash on from the security-woes dept.

Brian Krebs reports: A web site set up by PC maker Dell to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." It's designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name -- DellBackupandRecoveryCloudStorage.com -- which until recently was central to PC maker Dell's customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell's contractor regained control over it.

13 of 73 comments (clear)

  1. People are so fucking incompetent... by Nutria · · Score: 4, Insightful

    I've got to wonder if the Internet has caused a *lot* more problems than it's solved.

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:People are so fucking incompetent... by barbariccow · · Score: 2

      "Lost without GPS" is a big issue for me. IT's very annoying when folks can no longer handle directions like "turn left at the second light" and instead need to take their eyes off the road every 4 seconds to see how close they are getting to said light.

  2. Why more than one? by XanC · · Score: 2

    Why not just have everything off of dell.com? Wouldn't that make more sense AND be easier to manage?

    1. Re: Why more than one? by guruevi · · Score: 3, Informative

      In large corporations itâ(TM)s often easier to register a new domain than go through the hoops of getting a subdomain approved.

      Where I work, it takes me $8 and a half hour work to get a domain but it can easily take me 6 work hours across 2-4 weeks to get a subdomain.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Why more than one? by crow · · Score: 3, Interesting

      As a Dell employee, I couldn't agree more. We're heading into open enrollment right now for next year's benefits, and there are a bunch of web sites that we use for various parts of it, and while they all have "dell" in the domain name, none of them are subdomains off of dell.com. It's crazy.

      And this after the security training where we were told to watch out for suspicious domain names.

      I suspect the reason is that they keep everything under dell.com controlled by Dell directly, so anything contracted to an outside vendor needs its own domain. But at the very least, they should set up for all the valid domains a redirect from subdomain.dell.com to subdomaindell.com so they could still advertise a professional-looking domain.

    3. Re:Why more than one? by ctilsie242 · · Score: 2, Insightful

      I know this isn't possible, but maybe businesses should have a separate domain that they can federate out to contractors. For example, keep dell.com for core stuff, then have a second domain, dellstuff.com that Dell could hand contractors foo.dellstuff.com, bar.dellstuff.com, etc. This way, if bar.dellstuff.com has issues, it is obvious who the contractor is, and there isn't a need to keep adding new domains. This way, if it doesn't come from dell.com or dellstuff.com, it is almost certainly a fake.

    4. Re: Why more than one? by ledow · · Score: 3, Insightful

      Precisely because any idiot can register a domain with dell in the title, but to get an authorised subdomain.dell.com goes through a verification process and is immediately and obviously representative of Dell as a corporation.

      This is the exact point, I think, and what you WANT to be doing.

      I've gone to great lengths to remove all the old crappy domains that my workplaces insisted on buying up, or using for one-off events, and pushing everything under subdomains. To the point that "drive.domain.com" is actually our Google Drive link (so it automatically knows to sign you in with that domain account rather than your personal GMail, etc.).

      Literally any idiot on the planet can register a domain with your name in. Chasing and pre-registering such - unless you hold a trademark that you need to enforce - is almost impossible, and an endless game of new TLDs and tricks (e.g. "fordsucks.com") make it a no-win game.

      Buy one domain. Put everything on it. Hell, buy two so you have a backup (e.g. companyname.com, companyname.countrycode) and can quickly tell people "don't use the .com, use the local domain for now until we're back up, as it points to our secondary systems and always has."

      But myriad psuedo-related domain names that you forget about while they're running business-critical systems with live user data and the expectation that you'll own them forever is a really stupid idea. And... technically... who owns those domains? Did you register the correct contacts, could you take it over if you wanted? What about the DNS does it actually go to your company's DNS or goes it bounce via yours thus leaving the company in a fragile position should you leave or want to snoop data (e.g. SSL is reliant on DNS being authoritative)? Do those domains have the company SPF fields? Are they included in the main mail domain's SPF record? DKIM? SSL certificate? There are no end of reasons to actively block such adhoc registration in preference to FORCING YOU to jump through the hoops.

      "An easy life" and "security" are often polar opposites.

  3. Sigh. by ledow · · Score: 2

    This annoys me.

    Why not "backupandrecoverywhateveryouwant.dell.com" as the business-critical bit of it (hard-coded into software, etc.) and then if you REALLY need to, make

    www.ridiculousdomainnamehere.com just resolve to that subdomain.

    Then nobody is going to let dell.com expire (you would hope), if they do, the service will still work as expected and not be subject to compromise, and worse that happens if you have to tell customers to update their bookmarks if there was some user-focused web element on that domain (but, hey, without the secured login to the dell.com subdomain, it wouldn't matter right?).

  4. New problems but not more problems by sjbe · · Score: 4, Informative

    I've got to wonder if the Internet has caused a *lot* more problems than it's solved.

    Let me put your mind at ease. The internet has caused new problems to be sure but it has resolved even more old ones. I'm old enough that I pre-date the internet in anything remotely resembling its current form and I pre-date the world wide web by multiple decades. I can assure you that the Good Old Days weren't all that good and that the the internet has solved substantially more problems than it has caused. Nothing is perfect and people are still just as incompetent as they ever were but that doesn't mean the technology is a bad thing.

  5. I receive fake Dell support calls every month by JoeyRox · · Score: 2

    The caller knows my name, address, phone number, and which Dell system I purchased. Dell's corporate security is non-existent.

    1. Re:I receive fake Dell support calls every month by chispito · · Score: 2

      Did you buy direct from Dell? TFA mentions such scams, including that the scammers know the service tags of the systems they're calling about. I ask because I suppose it's possible that a re-seller may have been breached, though it makes a lot more sense that it would be Dell itself.

      When did you buy the system and when did you start receiving the calls? If you bought the system recently, that suggests a recent or ongoing breach. If you bought the system a year ago and received the first call six months ago, then Dell is being especially negligent with disclosure or, even worse, doesn't know the scope of the breach.

      No matter what, it's pretty solid evidence they have been breached.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  6. To those asking "why not a dell.com subdomain" by Burdell · · Score: 2

    The big reason a company wouldn't want to allow contractors and other miscellaneous sites under a subdomain of the main domain is how browsers treat domains. Cookie access, cross-site scripting, etc. could all be problems, unless you change the main website to also act under a subdomain, and make sure everything is restricted properly.

  7. Affecting lives by sjbe · · Score: 2

    The issue is that the tech makes is easier to affect more people's lives. It's a double-edged sword and will get sharper.

    That is better than the converse which is an inability to affect lives. Seriously, you do NOT want to go back to the days of the Pony Express if you catch my meaning.

    Yes there will be new issues to resolve but that's no different than it has ever been. Every new non-trivial technology has new issues to deal with and it takes society some time to come to grips with them. The industrial revolution has been one long series of new technologies affecting people's lives in ways they need to come to grips with. The so called information age will be no different in that regard.