by kotaKat 913 days ago
Through a series of connections I know a guy that knows a guy that works at Microsoft that was made aware and the changes have been reverted. Give 'er 30 minutes TTL ;)
10 comments

This is my favorite HN comment of 2023.
HN is a wormhole through which you can connect pretty much anyone in the tech industry.
This is my second favorite HN comment of 2023
192.168.1.1 is gone now, but all authoritative nameservers are still offering 192.168.1.0. Oops.
A few are dropping 192.168.1.0 now:

  as of 1703035296:
  ns1-39.azure-dns.com no longer has 192.168.1.0 for microsoft.com
  1.1.1.1 still has 192.168.1.0 for microsoft.com
  8.8.8.8 still has 192.168.1.0 for microsoft.com
  76.76.2.0 no longer has 192.168.1.0 for microsoft.com
  9.9.9.9 still has 192.168.1.0 for microsoft.com
  208.67.222.222 still has 192.168.1.0 for microsoft.com
  185.228.168.9 still has 192.168.1.0 for microsoft.com
  76.76.19.19 still has 192.168.1.0 for microsoft.com
  94.140.14.14 still has 192.168.1.0 for microsoft.com
Only one of those is authoritative. All of the authoritative servers have dropped it. Microsoft has fixed the issue.
Yea, sure, but that's like saying "company X stopped selling poison, it's Shop Y's fault that they're still selling it".

Nope. This is still Microsoft's fault while non-auth servers update.

First we wanted to see Microsoft update the authoritative nameservers, then move on to monitoring propagation. Conflating the two makes it difficult to monitor whether Microsoft actually fixed it correctly this time, as they appear to have screwed up their first attempt.

I wasn't attempting to address blame since I figured that was obvious enough.

30 minutes or 30 Windows minutes? :P
Actually, it’s looking more like 6 days. No wait, 30 seconds.
This isn’t something that I think should be diluted.

If it’s that simple for a stray record to be included in the DNS round robin, it could have been bad if it was an external IP with a machine set up by a phisherman, especially since control of a domain is all you need to get an SSL cert now.

Couple this with the fact that it’s Microsoft, one of the most relied-on companies in our computing world, and this is pretty darn horrible.

Microsoft also has some of the phishiest looking domains when you are redirected around the O365 cloud.
Absolutely, I am so glad I'm not the only person who feels this way. Microsoft does not understand domain names.

They use 1drv.ms as the domain in OneDrive emails, and sometimes it almost looks like the .ms ccTLD belongs to them - it very much doesn't, anyone can register a .ms domain.

windows.net being an Azure domain that third parties can have content under is fitting.

It sometimes looks like they want their users to be phished.

Microsoft is a smart company though, I really hope they can sort this out.

100%. Starting with "onmicrosoft.com". A phisher wouldn't really have to control Microsoft.com to take advantage of confusion.
There were several phishing attempts from that domain, onmicrosoft.com, to my personal email account this past week.
Microsoft.com has been constantly trying to fool me into subscribing to their Office tools.
The only thing that competes is the redirecting when you log into any health portal.
Indeed, take a look at the lists of azure and o365 domains, they're all over the place:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/u...

https://learn.microsoft.com/en-us/azure/security/fundamental...

Yeah. Easy to spot when your session expires - first they're still using login.live.com, just to redirect you to login.microsoftonline.com.
For all this to work you need to control the domain. Is that easier than simply breaking into their systems and owning their servers?
That's exactly what they're saying.

> it could have been bad if it was an external IP with a machine set up by a phisherman

I.e. one of the IPs for microsoft.com belongs to $phisher, which means they control (a subset of the traffic going to) the domain. They can't add CNAME records for certificate validation, but Let's Encrypt, for example, offers HTTP-based validation.

Not sure how Microsoft sets up their certificate pinning, it might not be quite that easy.

For the Microsoft.com domain, proper, there seem to be no existing CAA rules, allowing each and every CA on earth to issue certificates based on whatever criteria the CA requires. What could possibly go wrong with that approach?
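As an added example (not code from the thread or from Microsoft), the checks a defender would script for the two issues discussed above: the propagation report format from the earlier comment, flagging non-routable addresses in a zone's A records, and reading a CAA RRset to see whether any CA at all is permitted to issue. The resolver answers and the 203.0.113.10 address are constructed sample data, not real lookups.

```python
import ipaddress

# Address ranges that should never appear in a public zone's A records.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this" net
)]

# Constructed sample data modelled on the thread's propagation report (not real lookups).
# 203.0.113.10 is an RFC 5737 documentation address standing in for a legitimate record.
STRAY = "192.168.1.0"
SAMPLE_ANSWERS = {
    "ns1-39.azure-dns.com": ["203.0.113.10"],
    "1.1.1.1": ["203.0.113.10", STRAY],
    "8.8.8.8": ["203.0.113.10", STRAY],
    "76.76.2.0": ["203.0.113.10"],
}
AUTHORITATIVE = {"ns1-39.azure-dns.com"}

def stray_records(a_records):
    """Return the A records that fall in a non-routable range (e.g. 192.168.1.0)."""
    return [ip for ip in a_records
            if any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE)]

def propagation_report(answers, authoritative, stray=STRAY):
    """One line per resolver in the thread's 'still has / no longer has' format,
    marking authoritative servers so the fix and its propagation are not conflated."""
    lines = []
    for resolver, records in answers.items():
        state = "still has" if stray in records else "no longer has"
        role = " [auth]" if resolver in authoritative else ""
        lines.append(f"{resolver}{role} {state} {stray} for microsoft.com")
    return lines

def caa_issuers(caa_rrset):
    """caa_rrset: list of (flags, tag, value) tuples published for the domain.
    None means no CAA at all (any CA may issue); otherwise the set of CAs allowed
    by 'issue'/'issuewild', where an empty set means no CA may issue ('issue ;')."""
    if not caa_rrset:
        return None
    return {value for _, tag, value in caa_rrset
            if tag in ("issue", "issuewild") and value.strip() != ";"}

if __name__ == "__main__":
    for line in propagation_report(SAMPLE_ANSWERS, AUTHORITATIVE):
        print(line)
    print("stray records in 1.1.1.1 answer:", stray_records(SAMPLE_ANSWERS["1.1.1.1"]))
    print("CAA policy with no records published:", caa_issuers([]))
```

A real monitor would fill `SAMPLE_ANSWERS` from live queries against each resolver and the zone's NS set; the per-resolver logic and the CAA interpretation stay the same.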
It might also be a highly targeted attack on someone with precious information, wherein someone was able to hack a simple router and, in order to get access to their actual microsoft.com account, simply set up a phisherman's clone on the router and captured the login/password/2FA and got into the account.
Sometimes it’s easier to bribe than to break.
I know myself through a series of connections as well. ;) ;)
If you know yourself through a series of connections then that's a false you.
Not necessarily, in the same sense that I'm my neighbor's neighbor.
You're also an alien's alien.
That's just a sentence. Not who you are.

https://en.wikipedia.org/wiki/Self-enquiry_(Ramana_Maharshi)

I see them both. My TTL will run out at 16:39 PST, though.
TTL appears to be set to an hour. But either way, it's been 45 min and the primary ns1-39.azure-dns.com is still offering up 0.1
A few months early April 1 stunt?
GG, Gone for me now.
Do we need to restart our Windows machines? :)
that's the solution to all Windows problems, so yes :)