Educause Security Discussion mailing list archives
Re: Microsoft the source of all evil?? Simple question
From: Glenn Forbes Fleming Larratt <gl89 () CORNELL EDU>
Date: Wed, 13 Feb 2008 12:27:58 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems to be a legitimate domain created only to mock Microsoft, since:

===================================
$ nslookup thesource.ofallevil.com
Non-authoritative answer:
thesource.ofallevil.com canonical name = www.microsoft.com.
www.microsoft.com canonical name = toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net canonical name = g.www.ms.akadns.net.
g.www.ms.akadns.net canonical name = lb1.www.ms.akadns.net.
Name: lb1.www.ms.akadns.net
Address: 207.46.192.254
Name: lb1.www.ms.akadns.net
Address: 207.46.193.254
Name: lb1.www.ms.akadns.net
Address: 207.46.19.190
Name: lb1.www.ms.akadns.net
Address: 207.46.19.254
===================================

the hostname "thesource.ofallevil.com" is a CNAME record (a pointer) to www.microsoft.com . As it's currently configured, it's just nonsense.

One doesn't have to be too paranoid, however, to think that an attack of the form:

- create this domain in this way;
- get Google results in place pointing to that domain;
- get people used to seeing it, over time; and then
- change the entry and point the site to something actually "evil".

might be perpetrated this way.

- --
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Wed, 13 Feb 2008, James Moore wrote:
I went looking for more documentation on Powershell on Google. The string that I used was "guide powershell"

It came back with

Download details: Windows PowerShell 1.0 Documentation Pack
<http://thesource.ofallevil.com/downloads/details.aspx?FamilyId=B4720B00-9A66-430F-BD56-EC48BFCA154F&displaylang=en>
<http://www.siteadvisor.com/sites/ofallevil.com?ref=safesearch&client_ver=FF_26.5_6256&locale=en-US&premium=false&aff_id=0>
Documentation of Windows PowerShell 1.0, which includes the Windows PowerShell Getting Started Guide, the Windows PowerShell Primer, the Windows PowerShell ...
thesource.ofallevil.com/.../details.aspx?FamilyId=B4720B00-9A66-430F-BD56-EC48BFCA154F&displaylang=en - 31k -

Note the URL. Not having had my 2nd cup of coffee, and also trusting McAfee's SiteAdvisor(tm) , I clicked on it. The result looks surprisingly like a Microsoft site. The URL doesn't.

Anyone know more about "ofallevil.com". Whois shows it in Bellevue, WA, but it is privacy protected.

http://thesource.ofallevil.com/en/us/default.aspx looks very Microsoft.
http://www.ofallevil.com/ returns a blank page.

Jim

Jim
- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4208 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio

Confidentiality Notice: Do the right thing. If this has the words "Confidential" or "Private" in the subject line, or similar language in the email body, or as a label on any attachment, then think. Do you know me? Did you expect to receive this? Do you recognize and work with the other addressees? If not, then you probably received this in error. Please, be respectful and courteous, and delete it immediately. Please, don't forward it to anyone. Now, wasn't that simple.
Just, if you had made an error in a sensitive email, and I received it, what would you want me to do with it?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) iD8DBQFHsyikLyw7nZwiKgQRAtrzAKDcLJGPYV5pZSsU2G8drleVRP+R2ACg3nh0 zmo6YUNls9xuS3QHw3uP90s= =5tbQ -----END PGP SIGNATURE-----
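
The repointing risk raised in the message above can be monitored by checking where the alias's CNAME chain leads each time it is resolved. The following is an added example, not part of the original thread; the allow-list of expected suffixes and the "repointed" answer (host.example.net, 192.0.2.10) are constructed assumptions.

```python
import re

# "<alias> canonical name = <target>." lines as printed by nslookup
CNAME_RE = re.compile(r"^(\S+?)\.?\s+canonical name = (\S+?)\.?$")

# Answer quoted in the message (first of its four addresses kept).
OBSERVED = """\
thesource.ofallevil.com canonical name = www.microsoft.com.
www.microsoft.com canonical name = toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net canonical name = g.www.ms.akadns.net.
g.www.ms.akadns.net canonical name = lb1.www.ms.akadns.net.
Name: lb1.www.ms.akadns.net
Address: 207.46.192.254
"""

# Constructed: the same alias after its owner repoints it.
REPOINTED = """\
thesource.ofallevil.com canonical name = host.example.net.
Name: host.example.net
Address: 192.0.2.10
"""

def cname_chain(answer, start):
    """Follow CNAME records in nslookup output from start to the final name."""
    cnames = {}
    for line in answer.splitlines():
        m = CNAME_RE.match(line.strip())
        if m:
            cnames[m.group(1).lower()] = m.group(2).lower()
    chain = [start.lower()]
    # Stop at the end of the chain or if a record loops back on itself.
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:
        chain.append(cnames[chain[-1]])
    return chain

def unexpected_hops(answer, start, allowed_suffixes):
    """Return chain names outside the allow-list; an alias that is no
    longer a CNAME at all is reported as itself."""
    chain = cname_chain(answer, start)
    def ok(name):
        return any(name == s or name.endswith("." + s) for s in allowed_suffixes)
    return [n for n in (chain[1:] or chain) if not ok(n)]

if __name__ == "__main__":
    allowed = ("microsoft.com", "akadns.net")  # assumed allow-list
    for label, answer in (("observed", OBSERVED), ("repointed", REPOINTED)):
        print(label, unexpected_hops(answer, "thesource.ofallevil.com", allowed))
```

An empty list means every hop after the alias still lands on an expected name; any other result is the point at which the chain left it.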