Someone at Microsoft messed up.
It looks like they made a typo when entering the dns information for
their domain msn.com.tw. Instead of typing dns.cp.msft.net, they
entered dns.cpmsft.net. I discovered this while doing some anti-spam
research related to dns. I registered the name cpmsft.net, which was
previously unused. Now I control one fifth of the visitors and emails
to sites at msn.com.tw.
I won't do anything bad with the information I gather, but I am
redirecting people here so that the problem will be noticed and fixed.
I registered the domain as a proof of concept and out of curiosity.
Don't count on Microsoft for security!
Try linux, it's secure, easy and free!
$ dig msn.com.tw @d.twnic.net.tw.
;; QUESTION SECTION:
;msn.com.tw. IN A
;; AUTHORITY SECTION:
msn.com.tw. 86400 IN NS dns1.cp.msft.net.
msn.com.tw. 86400 IN NS dns1.dc.msft.net.
msn.com.tw. 86400 IN NS dns1.tk.msft.net.
msn.com.tw. 86400 IN NS dns3.uk.msft.net.
msn.com.tw. 86400 IN NS dns.cpmsft.net.
Date: Wed, 05 Sep 2007 15:46:44 -0700
From: Julian
To: Microsoft
Subject: DAY 0: msn.com.tw dns hijacked
This page has all the details - fix your dns NOW, your users are at risk..
http://www.julianhaight.com/msnhack.shtml
Please let me know if you need any more details or help resolving the issue.
-=Julian=-
From: Microsoft Security Response Center
To: Julian
Date: Wed, 5 Sep 2007 16:29:03 -0700
Subject: RE: DAY 0: msn.com.tw dns hijacked
Hello Julian,
Thank you for the message. I have sent this information to the appropriate group for action.
Regards,
Nate
5 Sep 2007 23:05:06 -0700: problem resolved, but you may still see this
page due to dns caching.
From: "Microsoft Online Customer Service"
Subject: RE: SRX1043638136ID - msn.com.tw dns hijack;Microsoft Online Customer Service
Date: Fri, 7 Sep 2007 04:47:56 -0000
Hello,
Thank you for your message to Microsoft Privacy.
I apologize for the delay in our response to your issue. Due to an
increase in requests, our response time is longer than usual. I
appreciate your patience in this regard.
I understand that you would like to inform us about the hijack of MSN
Domain service. I appreciate you for the time taken to inform us.
Unfortunately, I am unable to assist you with your support request as it
does not relate to Privacy.
Support contact for MSN and Windows Live products and services can be
found at:
http://support.msn.com/ for MSN products
http://support.live.com/ for Windows Live products
Please resubmit your inquiry at this Web site and a support agent will
contact you promptly with assistance.
If you are having difficulty with your Windows Live Hotmail login or
password,
Please visit: http://support.live.com/
You will see a list of available services, select
"Windows Live ID"
you can review the steps online in the Windows Live Support Frequently
Asked Questions (listed on the right-hand side), or:
o Under "What type of problem do you have" select =
"I forgot my Password"
o Complete the form and click submit to have an agent assist you with
your inquiry
If you are still unable to gain access to your account at the login,
please submit a support request:
Visit: http://support.msn.com/
Under "Standard Services" click on "Microsoft Passport Network"
Fill out the form and submit your request.
A Microsoft Passport Network support representative will contact you
shortly.
Sincerely,
Naveen
Microsoft Privacy