These three security-related stories, from earlier this month, are still worth talking about: The story behind Microsoft’s purchase of Corp.com, aid for humanitarian organizations, and a great new documentary on the threats to our elections.
What’s in a Name? “Microsoft Buys Corp.com So Bad Guys Can’t,” Brian Krebs, krebsonsecurity.com, April 20, 2020
25 years ago, a sort of gold rush of domain name speculation took place, where people bought popular words like poker, insurance, travel, credit cards, or loans, hoping that they could flip the domains to big businesses. One such speculator, Mike O’Connor, may have made it big last week, after all this time. After 26 years, O’Conner sold “corp.com” to Microsoft. Although the price of the sale has not been disclosed, O’Conner offered to auction it off in February, at a starting price of $1.7 million.
Why would Microsoft pay anywhere near that for a domain name? Active Directory experts already know, but for the rest of us the explanation is interesting. Years ago, the default or example internal Active directory path was “corp,” and many organizations simply kept the default. As computers became more mobile, they began running against the internal directory path when they were not on the local network. In addition, the evolution of the Internet led to “namespace collision” where the internal domain name could overlap with domains on the internet.
The result has been that hundreds of thousands of PCs at companies around the world have been sending an unending stream of passwords and other sensitive data to corp.com. Enterprises, for their part, have been reluctant to change away from “corp.com,” even though Microsoft has been issuing warnings about namespace collision at least since 2009. The problem is that you must take down your entire Active Directory to fix this, plus it’s likely the changes will break or at least slow down mission-critical applications. The canonical discussion of the situation is by Brian Krebs and can be found here.
Aside from this being one of those great examples of how small mistakes can lead to huge consequences (especially at Microsoft?) there’s also a warning. You can have made another domain your internal default path, and it may be colliding with an outside domain. As Krebs writes, “any company that has tied their internal Active Directory network to a domain they do not control is opening itself to a similar potential security nightmare.”
Aid for Human Rights: “Protecting healthcare and human rights organizations from cyberattacks,” Tom Burt, Microsoft on the Issues, April 14, 2020.
As we mentioned above, hospitals and health organizations have become hackers’ targets during the pandemic. Most of the coverage of the Microsoft announcement has stressed aid to healthcare organizations, so we’re stressing the humanitarian side of the news.
Microsoft has a service called AccountGuard that offers several security services:
- Best practices and security guidance specific to human rights organizations.
- Access to cybersecurity webinars and workshops.
- Notification in the event of a verifiable threat or compromise by a known nation-state actor against the participant’s Office 365 account.
- Notification to both the organization and, where possible, the impacted individual if a registered Hotmail.com or Outlook.com account associated with the organization is verifiably threatened or compromised by a known nation-state actor.
- Recommendations to the participating organization for remediation if a compromise is confirmed.
- A direct line to Microsoft’s Defending Democracy Program team.
As one of the bullet points mentions, an organization must use Office 365 to use AccountGuard.
Human rights and humanitarian organizations including Amnesty International, CyberPeace Institute, Freedom House, Human Rights Watch and Physicians for Human Rights have already registered for AccountGuard through an initial pilot. You can check out the eligibility requirements here.
It’s Worse Than You Think: “HBO Documentary Shows The Value of Cybersecurity in Election Security,”Jody Westby, Forbes, April 16, 2020
Finally, for your stay-at-home video viewing, we recommend a new HBO documentary, “Kill Chain: The Cyber War on America’s Elections.” Basically, the Russian interference and disinformation campaigns are only the tip of the iceberg; and it’s a big iceberg, maybe big enough to sink democracy. Don’t take our word for it. There’s a great review of the program at Forbes.
The film came out March 26. It’s available now on HBO and free on YouTube.