Sign in with
Sign up | Sign in
Your question

Message ostensibly from Microsoft

Tags:
  • Domain
  • Microsoft
  • Windows XP
Last response: in Windows XP
Share
Anonymous
June 9, 2005 5:38:02 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I recently received a message, ostensibly from Microsoft, which directed me
to go to the following domain and install a change to my copy of Windows:

http://oca.microsoft.com

However, I have never even *heard* of this domain. In today's phishing
environment, I am reluctant, to put it mildly, to get such high-sensitivity
information from what may or may not be an authentic source. Microsoft does
itself a disservice by using a domain which people do not recognize. Why not
just use www.microsoft.com, if I may ask?

Thomas L. Jones, Ph.D., Computer Science
DrJonesrqxnospam8y@alum.MIT.edu

More about : message ostensibly microsoft

June 9, 2005 5:46:01 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

just my 2 cents worth, as publicly stated a number of times microsoft does
not do this type of notification via e-mail, also the site looks very lame,
personally wouldn't touch it
--
there are no problems, just challenges


"Doc Jones" wrote:

> I recently received a message, ostensibly from Microsoft, which directed me
> to go to the following domain and install a change to my copy of Windows:
>
> http://oca.microsoft.com
>
> However, I have never even *heard* of this domain. In today's phishing
> environment, I am reluctant, to put it mildly, to get such high-sensitivity
> information from what may or may not be an authentic source. Microsoft does
> itself a disservice by using a domain which people do not recognize. Why not
> just use www.microsoft.com, if I may ask?
>
> Thomas L. Jones, Ph.D., Computer Science
> DrJonesrqxnospam8y@alum.MIT.edu
Anonymous
June 9, 2005 10:00:41 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

This isn't the commonly seen bogus security update email, but rather the
user is seeing the result of having error reporting enabled. The prompt to
go to oca.microsoft.com (oca=online crash analysis) is a normal response if
there are any articles available that pertain to the cause of whatever
initiated the error.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"steve" <steve@discussions.microsoft.com> wrote in message
news:6D1E9817-D766-4130-ABA3-6E8482A8AE21@microsoft.com...
> just my 2 cents worth, as publicly stated a number of times microsoft does
> not do this type of notification via e-mail, also the site looks very
> lame,
> personally wouldn't touch it
> --
> there are no problems, just challenges
>
>
> "Doc Jones" wrote:
>
>> I recently received a message, ostensibly from Microsoft, which directed
>> me
>> to go to the following domain and install a change to my copy of Windows:
>>
>> http://oca.microsoft.com
>>
>> However, I have never even *heard* of this domain. In today's phishing
>> environment, I am reluctant, to put it mildly, to get such
>> high-sensitivity
>> information from what may or may not be an authentic source. Microsoft
>> does
>> itself a disservice by using a domain which people do not recognize. Why
>> not
>> just use www.microsoft.com, if I may ask?
>>
>> Thomas L. Jones, Ph.D., Computer Science
>> DrJonesrqxnospam8y@alum.MIT.edu
Related resources
Anonymous
June 9, 2005 1:47:35 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Doc Jones wrote:
> I recently received a message, ostensibly from Microsoft, which
> directed me to go to the following domain and install a change to my
> copy of Windows:
>
> http://oca.microsoft.com
>
> However, I have never even *heard* of this domain. In today's phishing
> environment, I am reluctant, to put it mildly, to get such
> high-sensitivity information from what may or may not be an authentic
> source. Microsoft does itself a disservice by using a domain which
> people do not recognize. Why not just use www.microsoft.com, if I may
> ask?
>
> Thomas L. Jones, Ph.D., Computer Science
> DrJonesrqxnospam8y@alum.MIT.edu

You have a PHD in computer science and you don't know about sub-domains?

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
June 9, 2005 2:29:44 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
news:494A31B4-257C-4570-877E-1675E9264FF3@microsoft.com...
>I recently received a message, ostensibly from Microsoft, which directed me
> to go to the following domain and install a change to my copy of Windows:
>
> http://oca.microsoft.com
>
> However, I have never even *heard* of this domain. In today's phishing
> environment, I am reluctant, to put it mildly, to get such
> high-sensitivity
> information from what may or may not be an authentic source. Microsoft
> does
> itself a disservice by using a domain which people do not recognize. Why
> not
> just use www.microsoft.com, if I may ask?

oca.microsoft.com - is one of our sites (the domain is microsoft.com - the
host is the OCA, just as we also have download.microsoft.com and
beta.microsoft.com) - it is used for the tracking of uploaded crash dumps -
hence the name "online crash analysis"

Interestingly you would normally only have deep access to this site if you
had uploaded a crash dump to us and the site is not normally a location for
downloads unless it is again a specific tool or change required in the
ongoing investigation of a crash.

I am however worried by your claim that the message was "ostensibly from
Microsoft" - who else was it from ?

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
news:494A31B4-257C-4570-877E-1675E9264FF3@microsoft.com...
>I recently received a message, ostensibly from Microsoft, which directed me
> to go to the following domain and install a change to my copy of Windows:
>
> http://oca.microsoft.com
>
> However, I have never even *heard* of this domain. In today's phishing
> environment, I am reluctant, to put it mildly, to get such
> high-sensitivity
> information from what may or may not be an authentic source. Microsoft
> does
> itself a disservice by using a domain which people do not recognize. Why
> not
> just use www.microsoft.com, if I may ask?
>
> Thomas L. Jones, Ph.D., Computer Science
> DrJonesrqxnospam8y@alum.MIT.edu
Anonymous
June 9, 2005 2:55:52 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Mike Brannigan [MSFT] on 09/06/2005 wrote:

> I am however worried by your claim that the message was "ostensibly
> from Microsoft" - who else was it from ?

I often see mail which looks superficially to be from Microsoft
attempting to direct a user to a phony site to download mal-ware or
trying to tell the user to execute some exe attached for security
reasons, are you as a rep of Microsoft not aware of these forged mails?
I report most of them either to Microsoft or via spamcop. Doc Jones
did the correct thing when he pondered over an out of the ordinary mail
from Microsoft.

Rob
Anonymous
June 9, 2005 5:50:11 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
news:3gqlhoFdtmbkU1@individual.net...
> Mike Brannigan [MSFT] on 09/06/2005 wrote:
>
>> I am however worried by your claim that the message was "ostensibly
>> from Microsoft" - who else was it from ?
>
> I often see mail which looks superficially to be from Microsoft
> attempting to direct a user to a phony site to download mal-ware or
> trying to tell the user to execute some exe attached for security
> reasons, are you as a rep of Microsoft not aware of these forged mails?

Of course I am aware of them - the point was that the direction was actually
to a Microsoft hosted system (oca.microsoft.com) as the original poster
thought it was a different "domain" which it was not it is just a different
host as I pointed out by example.
We have also had pages up for some time about how to tell if a mail is
really from us - see
http://www.microsoft.com/athome/security/email/default....
and
http://www.microsoft.com/security/incident/authenticate...

The location being pointed to in the original posters e-mail was to a
microsoft.com site.

> I report most of them either to Microsoft or via spamcop. Doc Jones
> did the correct thing when he pondered over an out of the ordinary mail
> from Microsoft.


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
news:3gqlhoFdtmbkU1@individual.net...
> Mike Brannigan [MSFT] on 09/06/2005 wrote:
>
>> I am however worried by your claim that the message was "ostensibly
>> from Microsoft" - who else was it from ?
>
> I often see mail which looks superficially to be from Microsoft
> attempting to direct a user to a phony site to download mal-ware or
> trying to tell the user to execute some exe attached for security
> reasons, are you as a rep of Microsoft not aware of these forged mails?
> I report most of them either to Microsoft or via spamcop. Doc Jones
> did the correct thing when he pondered over an out of the ordinary mail
> from Microsoft.
>
> Rob
Anonymous
June 9, 2005 6:02:33 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Canopus wrote:

> Mike Brannigan [MSFT] on 09/06/2005 wrote:
>
>
>>I am however worried by your claim that the message was "ostensibly
>>from Microsoft" - who else was it from ?
>
>
> I often see mail which looks superficially to be from Microsoft
> attempting to direct a user to a phony site to download mal-ware or
> trying to tell the user to execute some exe attached for security
> reasons, are you as a rep of Microsoft not aware of these forged mails?
> I report most of them either to Microsoft or via spamcop. Doc Jones
> did the correct thing when he pondered over an out of the ordinary mail
> from Microsoft.
>
> Rob

The OP didn't say it was an email.

Steve
Anonymous
June 9, 2005 10:06:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Mike Brannigan [MSFT]" wrote:

> "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
> news:3gqlhoFdtmbkU1@individual.net...
> > Mike Brannigan [MSFT] on 09/06/2005 wrote:
> >
> >> I am however worried by your claim that the message was "ostensibly
> >> from Microsoft" - who else was it from ?

From Tom:

"Ostensibly" just means that the message claimed to be from Microsoft. On
the basis of additional information, it almost certainly WAS from Microsoft.

I respectfully request that the software be changed, so that the domain or
sub-domain or whatever of these reports is is: www.microsoft.com

Hope this helps.
Anonymous
June 10, 2005 2:46:30 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
news:71A967FA-0583-4507-8C8F-7B30E847CA18@microsoft.com...
>
>
> "Mike Brannigan [MSFT]" wrote:
>
>> "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
>> news:3gqlhoFdtmbkU1@individual.net...
>> > Mike Brannigan [MSFT] on 09/06/2005 wrote:
>> >
>> >> I am however worried by your claim that the message was "ostensibly
>> >> from Microsoft" - who else was it from ?
>
> From Tom:
>
> "Ostensibly" just means that the message claimed to be from Microsoft. On
> the basis of additional information, it almost certainly WAS from
> Microsoft.
>
> I respectfully request that the software be changed, so that the domain or
> sub-domain or whatever of these reports is is: www.microsoft.com
>

It is not A SUB DOMAIN.
It is a host name.
The domain is microsoft.com the host names are www (web server) OCA (online
crash analysis) download (the download site) update (the Microsoft update
site) beta (our Beta testing support site) etc etc etc
We do not need to change anything, you need to understand about DNS names
and how they are formed - or just accept that if it ends in microsoft.com
it's one of ours.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"Doc Jones" <DocJones@discussions.microsoft.com> wrote in message
news:71A967FA-0583-4507-8C8F-7B30E847CA18@microsoft.com...
>
>
> "Mike Brannigan [MSFT]" wrote:
>
>> "Canopus" <BNRAGMAOKKXT@spammotel.com> wrote in message
>> news:3gqlhoFdtmbkU1@individual.net...
>> > Mike Brannigan [MSFT] on 09/06/2005 wrote:
>> >
>> >> I am however worried by your claim that the message was "ostensibly
>> >> from Microsoft" - who else was it from ?
>
> From Tom:
>
> "Ostensibly" just means that the message claimed to be from Microsoft. On
> the basis of additional information, it almost certainly WAS from
> Microsoft.
>
> I respectfully request that the software be changed, so that the domain or
> sub-domain or whatever of these reports is is: www.microsoft.com
>
> Hope this helps.
Anonymous
June 10, 2005 2:46:31 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Mike Brannigan [MSFT] wrote:
>
> It is not A SUB DOMAIN.
> It is a host name.
> The domain is microsoft.com the host names are www (web server) OCA
> (online crash analysis) download (the download site) update (the
> Microsoft update site) beta (our Beta testing support site) etc etc
> etc We do not need to change anything, you need to understand about
> DNS
> names and how they are formed - or just accept that if it ends in
> microsoft.com it's one of ours.
>

From http://www.webopedia.com/TERM/S/subdomain.html:

subdomain
(sub´´do-man´) (n.) Also called a child domain, a domain that is part of
a larger domain name in DNS hierarchy. DNS hierarchy consists of the
root-level domain at the top, underneath which are the top-level
domains, followed by second-level domains and finally subdomains. For
example, in the domain name webopedia.internet.com, "webopedia" is a
subdomain of the larger second-level domain "internet.com."

While I'm not saying your wrong in calling it a "host name," however it
is also a "subdomain."

http://support.microsoft.com/default.aspx?scid=kb;en-us;279303
http://support.microsoft.com/default.aspx?scid=kb;en-us;259531

The links above are just a couple of examples of what is meant by
subdomains in the MS Knowledge Base.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
Anonymous
June 10, 2005 7:36:37 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:%23uLw3YcbFHA.2884@tk2msftngp13.phx.gbl...
> Mike Brannigan [MSFT] wrote:
>>
>> It is not A SUB DOMAIN.
>> It is a host name.
>> The domain is microsoft.com the host names are www (web server) OCA
>> (online crash analysis) download (the download site) update (the
>> Microsoft update site) beta (our Beta testing support site) etc etc
>> etc We do not need to change anything, you need to understand about DNS
>> names and how they are formed - or just accept that if it ends in
>> microsoft.com it's one of ours.
>>
>
> From http://www.webopedia.com/TERM/S/subdomain.html:
>
> subdomain
> (sub´´do-man´) (n.) Also called a child domain, a domain that is part of a
> larger domain name in DNS hierarchy. DNS hierarchy consists of the
> root-level domain at the top, underneath which are the top-level domains,
> followed by second-level domains and finally subdomains. For example, in
> the domain name webopedia.internet.com, "webopedia" is a subdomain of the
> larger second-level domain "internet.com."
>

That is actually a poor description as it belies the fact that you can go to
a greater depth then the implied "second-level domains and finally
subdomains" you can continue to create subdomains of subdomains but
ultimately those domains/zones contain DNS records that map host names
(among other things) to IP addresses.

> While I'm not saying your wrong in calling it a "host name," however it is
> also a "subdomain."


It would only be a sub domain if it contained host records - it does not
it, is a host name.

Fully qualified domain name (FQDN) A DNS name that uniquely identifies a
node in a DNS namespace. The FQDN of a computer is a concatenation of the
computer name (for example, client1) and the primary DNS suffix of the
computer (for example, contoso.com), and a terminating dot (for example,
contoso.com.).

You look up the host name in the DNS zone file for that domain.
So in a small company with a single web server as their internet presence
you try an open www.company.com
You are trying to find the IP address of the machine whose host name is
"www" in the DNS zone company.com.
So you query a DNS server that holds the zone/domain company.com for the IP
address for the host www.

Again as you pointed out a PhD in CS should have at least a passing
acquaintance with these basic DNS concepts.
--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"kurttrail" <dontemailme@anywhereintheknowuniverse.org> wrote in message
news:%23uLw3YcbFHA.2884@tk2msftngp13.phx.gbl...
> Mike Brannigan [MSFT] wrote:
>>
>> It is not A SUB DOMAIN.
>> It is a host name.
>> The domain is microsoft.com the host names are www (web server) OCA
>> (online crash analysis) download (the download site) update (the
>> Microsoft update site) beta (our Beta testing support site) etc etc
>> etc We do not need to change anything, you need to understand about DNS
>> names and how they are formed - or just accept that if it ends in
>> microsoft.com it's one of ours.
>>
>
> From http://www.webopedia.com/TERM/S/subdomain.html:
>
> subdomain
> (sub´´do-man´) (n.) Also called a child domain, a domain that is part of a
> larger domain name in DNS hierarchy. DNS hierarchy consists of the
> root-level domain at the top, underneath which are the top-level domains,
> followed by second-level domains and finally subdomains. For example, in
> the domain name webopedia.internet.com, "webopedia" is a subdomain of the
> larger second-level domain "internet.com."
>
> While I'm not saying your wrong in calling it a "host name," however it is
> also a "subdomain."
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;279303
> http://support.microsoft.com/default.aspx?scid=kb;en-us;259531
>
> The links above are just a couple of examples of what is meant by
> subdomains in the MS Knowledge Base.
>
> --
> Peace!
> Kurt
> Self-anointed Moderator
> microscum.pubic.windowsexp.gonorrhea
> http://microscum.com/mscommunity
> "Trustworthy Computing" is only another example of an Oxymoron!
> "Produkt-Aktivierung macht frei"
>
Anonymous
June 12, 2005 7:32:07 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

kurttrail wrote:
>
> And in an email that is sent in html, just because the link says it is
> going to http://www.microsoft.com doesn't mean it actually goes there.
>
> If you click on the Microsoft link above, you will see that it actual
> takes you to my Microscum website.

But not in plain text :)  Anyway, yes, many folks get fooled who read
email in html.
Anonymous
June 13, 2005 2:29:26 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

On Thu, 9 Jun 2005 01:38:02 -0700, Doc Jones
<DocJones@discussions.microsoft.com> wrote:

>I recently received a message, ostensibly from Microsoft, which directed me
>to go to the following domain and install a change to my copy of Windows:
>
>http://oca.microsoft.com

I'll bet the URL was more than that -- probably there was an @ sign
and then the real address.

In any event, Microsoft doesn't send unsolicited upgrade
announcements. Unless you've signed up for some sort of notification
service with MS directly -- and I gather you haven't -- this was
either a virus or an attempt to get you to download some sort of
malware.


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
"That was a stupid lie, easy to expose, not worthy of you."
George Sanders as "Addison Dewitt" in /All About Eve/ (1950)
!