 okta365dev[.]cloud is legit, I'm sure. Thanks GoDaddy/Google.

okta-route[.]com, route-okta[.]com, outreach-okta[.]com look super great for everyone, thanks Amazon/Network Solutions. 
 testokta[.]com brought to you from the fine folks at Google's registrar and hosting.

oktaDOD.com from NameSilo/AWS

Oh, oh, oh, someone go thank the discerning folks at Namecheap and Amazon for okta-riotgames.com (primary domain uses MarkMonitor/Akamai)
 yourokta[.]com - IONOS SE playing a supporting role

and let's take a peek at cgslnc-okta[.]com - that's an L - as software company CGS at cgsinc.com is probably a juicy target, with pivots to IBM, Microsoft, Dell, MasterCard, and more.

Registrars are the problem, people. 
 @3e3ce96c Maybe. It also keeps someone from being beholden to a single registrar or gatekeeping under a single subdomain under Okta where DoS attacks take out everybody. They’re tilted toward fault tolerance but at the expense of assurance and trust.
 @6b24927c When it's either got a typo homograph (like the CGS one) or has an MX record not pointing to the primary domain (like the riot games one) it raises my suspicion much, much higher. 
 @3e3ce96c Looks like I misread your post. Yes, you’re totally right. I mistook the point to be about subdomains generally, not typosquatting ones. A verifiable TXT record back to Okta might help a bunch, but it’d only be compensating for the weakness in the overall system which you’re rightly highlighting. What a mess.
 @6b24927c Always appreciate the second set of eyes - you're not wrong about not keeping all eggs in one basket. 
 Riot Games bounces security@, help@, and info@, so I guess they don't wanna know.

If you know someone at Riot, maybe give them a heads-up.
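
The two signals raised in the thread above (a look-alike label such as the CGS one, and an MX record that does not point at the primary domain), as an added example that is not part of any post here: a small Python triage check for a defender reviewing newly seen domains. The fold table, the function names and the MX values are assumptions constructed for illustration; the code makes no DNS lookups.

```python
# Added example: triage check for the two signals discussed in the thread.
# Fold table, function names and MX data are illustrative assumptions.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

def refang(domain):
    """Undo '[.]' defanging and normalise case and trailing dot."""
    return domain.replace("[.]", ".").lower().rstrip(".")

def skeleton(label):
    """Fold look-alike characters so 'cgslnc' and 'cgsinc' compare equal."""
    return label.replace("rn", "m").translate(CONFUSABLE)

def homograph_of(domain, protected):
    """Return the protected name a hyphen-separated token imitates, else None."""
    first_label = refang(domain).split(".")[0]
    for token in first_label.split("-"):
        for name in protected:
            if token != name and skeleton(token) == skeleton(name):
                return name
    return None

def mx_off_primary(mx_hosts, primary, primary_mx=()):
    """True if mail is accepted but no MX host is under the primary domain
    or in the primary domain's own MX set."""
    primary = refang(primary)
    known = {refang(h) for h in primary_mx}
    def belongs(host):
        host = refang(host)
        return host == primary or host.endswith("." + primary) or host in known
    return bool(mx_hosts) and not any(belongs(h) for h in mx_hosts)

def triage(domain, protected, mx_hosts, primary, primary_mx=()):
    """Collect the reasons a candidate domain deserves a closer look."""
    reasons = []
    name = homograph_of(domain, protected)
    if name:
        reasons.append(f"look-alike of '{name}'")
    if mx_off_primary(mx_hosts, primary, primary_mx):
        reasons.append("MX not on primary domain")
    return reasons

if __name__ == "__main__":
    # Constructed MX values (reserved .example names), not real DNS answers.
    print(triage("cgslnc-okta[.]com", ["cgsinc", "okta"], [], "cgsinc.com"))
    print(triage("okta-riotgames.com", ["riotgames", "okta"],
                 ["mx.bulkmail.example"], "riotgames.com", ["mail.riotgames.com"]))
```

An organization that outsources mail would pass its real MX set as `primary_mx`, so that its own provider is not flagged.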