IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble
After a security enthusiast discovered a loophole that allowed him to register a valid SSL certificate for Microsoft’s live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts.
The issue was discovered by a Finnish man who works as an IT manager for a company in the industrial sector. He talked to the IDG News Service, but requested anonymity.
Microsoft’s Outlook.com email service allows users to have multiple email addresses called aliases under a single account. At the moment, the service only allows aliases to be created on the @outlook.com domain, but several months ago more domains were available.