"Under the RFC2606 -an official standard maintained by the Internet Engineering Task Force-example.com isn't obtainable by any party. Instead it resolves to IP addresses assigned to Internet Assiged Names Authority. The designation is intended to prevent third parties from being bombarded with traffic when developers, penetration testers, and others need a domain for testing or discussing technical issues. Instead of naming an Internet-routable domain, they are to choose example.com or two others, example.net and example.org."
"Output from the terminal command cURL shows that devices inside Azure and other Microsoft networks have been routing some traffic to subdomains of sei.co.jp, a domain belonging to Sumitomo Electric. Most of the resulting text is exactly what's expected. The exception is the JSON-based response. Here's the JSON output from Friday: {"email":"email@example.com","services":[],"protocols":[{"protocol":"imap","hostname":"imapgms.jnet.sei.co.jp","port":993,"encryption":"ssl","username":"email@example.com","validated":false},{"protocol":"smtp","hostname":"smtpgms.jnet.sei.co.jp","port":465,"encryption":"ssl","username":"email@example.com","validated":false}]}"
Microsoft networks, including devices inside Azure, routed traffic destined for example.com subdomains to Sumitomo Electric's sei.co.jp domain because of a misconfiguration. RFC2606 reserves example.com, example.net, and example.org so they do not resolve to internet-routable domains and to prevent accidental traffic to third parties. cURL output and Outlook account tests returned expected site text but included a JSON response showing sample email configuration entries pointing to imapgms.jnet.sei.co.jp and smtpgms.jnet.sei.co.jp. The JSON contained unvalidated IMAP and SMTP entries. The incident exposed test-domain traffic reaching an external corporate domain, and the fix status was questioned.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]