Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites
If you saw a link to mybrowser.microsoft.com, would you have trusted it? Downloaded and installed an Edge update from it? How about identityhelp.microsoft.com to change your password?
Well, you shouldn't have, because the pair were among sub-domains hijacked by vulnerability researchers to prove Microsoft is lax with its own online security.
In short, the Windows giant allowed hundreds of sub-domains – at least 670 – on its big-name microsoft.com, skype.com, visualstudio.com, and windows.com properties to potentially fall into the hands of miscreants who could have commandeered them for phishing and malware distribution.
The caper
It basically would work like this, similar to previous reports o ..
Support the originator by clicking the read the rest link below.
