“It was terrifying,” Schmidt said. “We discontinued the experiment after 15 minutes and destroyed the data. A well-known offensive tester that consulted with JAS on this remarked that during the experiment it was ‘raining credentials’ and that he’d never seen anything like it.”

@thegibson @yojimbo I should email this to my company’s IT since I had previously pointed out using .corp as AD TLD was wrong. Sigh.

@yojimbo I don’t understand why the DNS normalisation rewrites ‘corp’ to ‘’, at all. It should just fail to resolve if outside of AD network?? (unless .corp is in new icann TLDs)

@sophistoche It will be down to the DNS search order - if you pass an unterminated name (i.e. one that doesn't end with a .) your machine will try to query for a whole series of alternatives in the local DNS - which should be subject to the organisation's own settings, but if the computer in question is "at starbucks" then it's at the mercy of crappy consumer-grade wifi routers.

If you ask for "machine.corp" and don't get an answer, your DNS service (should be just your PC, but sometimes the DNS servers will get into the mix by being over-helpful) will generally try adding some suffixes to the end, which should be pretty much only "". If those don't match, your PC might try ".com", ".net" or ".org" (because after all, those were the only important domains, right?)

It needs a series of misconfigurations to make it go bad, but that's the nature of a standard Microsoft environment - an unending series of -by-default-but-works-enough-that-you-never-bother-configuring-it-until-it's-too-late.
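The search-list behaviour described in the reply above, modelled as an added example that is not code from this thread, from glibc, or from Microsoft: a stub resolver takes an unterminated name, decides (by the ndots rule) whether to try it as an absolute name first or after appending each configured search suffix, and a name that ends in a dot skips the search list entirely. The `devolve` option is a simplified model of Windows name devolution (an assumption here; the real feature is controlled by a devolution level). The hostnames, search lists and the `example.com` zone are constructed for the example.

```python
"""Model of stub-resolver search-list expansion, added as an illustration.

Assumptions (not taken from the thread): the glibc-style ndots rule, a
simplified Windows-style devolution, and constructed hostnames/suffixes.
"""
from typing import List


def query_candidates(name: str, search_list: List[str], ndots: int = 1,
                     devolve: bool = False) -> List[str]:
    """Return the absolute names a stub resolver would send, in order.

    - A name ending in '.' is fully qualified: queried as-is, no search list.
    - glibc rule: with at least `ndots` dots, try the name as absolute first,
      then each search suffix; with fewer dots, suffixes first, bare name last.
    - devolve=True (assumed, simplified Windows devolution) also tries the
      parent domains of each suffix down to two labels.
    """
    if name.endswith("."):
        return [name]

    suffixes: List[str] = []
    for raw in search_list:
        suffix = raw.strip(".")
        if not suffix:
            continue
        if suffix not in suffixes:
            suffixes.append(suffix)
        if devolve:
            labels = suffix.split(".")
            while len(labels) > 2:
                labels = labels[1:]
                parent = ".".join(labels)
                if parent not in suffixes:
                    suffixes.append(parent)

    with_suffix = [f"{name}.{s}." for s in suffixes]
    absolute = f"{name}."
    if name.count(".") >= ndots:
        return [absolute] + with_suffix
    return with_suffix + [absolute]


def leaked_queries(candidates: List[str], owned_zones: List[str]) -> List[str]:
    """Candidates that fall outside every zone the organisation actually owns
    on the public DNS, i.e. queries some other resolver gets to answer."""
    def inside(candidate: str, zone: str) -> bool:
        zone = zone.strip(".") + "."
        return candidate == zone or candidate.endswith("." + zone)

    return [c for c in candidates if not any(inside(c, z) for z in owned_zones)]


if __name__ == "__main__":
    owned = ["example.com"]  # constructed: the only public zone the org controls

    # On the office LAN with a '.corp' AD forest: works, which is why nobody notices.
    print(query_candidates("fileserver", ["corp"]))
    # At a coffee shop: the DHCP search suffix is the router's (constructed 'lan'),
    # and 'fileserver.corp' has enough dots to be tried as an absolute name first,
    # so the first query leaves for the public root under the 'corp' TLD.
    at_cafe = query_candidates("fileserver.corp", ["lan"])
    print(at_cafe, "->", leaked_queries(at_cafe, owned))
    # A real, owned suffix with devolution stays inside the org's namespace...
    proper = query_candidates("fileserver", ["corp.example.com"], devolve=True)
    print(proper, "->", leaked_queries(proper, owned))
    # ...and a dot-terminated FQDN never consults the search list at all.
    print(query_candidates("fileserver.corp.example.com.", ["lan"]))
```

The interesting output is the coffee-shop case: every candidate is a query the organisation's own servers never see, which is the "raining credentials" scenario once a client follows the answer with an authentication attempt. Replacing the bare `.corp` forest root with a zone the organisation owns makes the leak list shrink to the final bare-name fallback, and terminating names with a dot removes it entirely.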

