Index ¦ Archives ¦ Atom

Just use subdomains

Recently Brian Krebs ran a story about a domain that dell forgot to renew and lost control of for a period of time.

One thing that I noticed from the story was that the domain was DellBackupAndRecoveryCloudStorage.com.

I have no idea why large organisations insist on registering new domains like that, DellBackupAndRecoveryCloudStorage.com could so easily be part of a command and control system just trying to stay stealthy. I remember the recent launch of AmazonLightsail.com, my first though was "is this a phishing domain"? Anyone could have registered these domains, it could be Jo from down the street.

Why not setup BackupAndRecoveryCloudStorage.dell.com or use lightsail.aws.amazon.com? That way it's clear who controls the domain, and makes life easier for network admins that want whitelist, filter or inspect traffic.

Creative Commons License
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.