Slashdot Mirror
Microsoft Loses Control Over Windows Tiles Subdomain (zdnet.com)
Microsoft has lost control over a crucial subdomain that Windows 8 and Windows 10 use to deliver RSS-based news and updates to Live Tiles -- animated Windows start menu items. From a report: The subdomain (notifications.buildmypinnedsite.com) is currently under the control of Hanno Bock, a security researcher and journalist for German tech news site Golem.de. The subdomain was part of the buildmypinnedsite.com service that Microsoft set up with the launch of Windows 8, and more specifically to allow websites to show live updates inside users' Start pages and menus.
[...] Today Bock said the service no longer works. "The host that should deliver the XML files -- notifications.buildmypinnedsite.com -- only showed an error message from Microsoft's cloud service Azure," the researcher said. "The host was redirected to a subdomain of Azure. However this subdomain wasn't registered with Azure." Bock registered this subdomain on his Azure account and is currently sinkholing any requests it receives. He also notified Microsoft of the issue but said the company did not reply. "We won't keep the host registered permanently. There's a decent amount of traffic reaching this host and running up costs," the researcher said. "Once we cancel the subdomain a bad actor could register it and abuse it for malicious attacks," he warned.
[...] Today Bock said the service no longer works. "The host that should deliver the XML files -- notifications.buildmypinnedsite.com -- only showed an error message from Microsoft's cloud service Azure," the researcher said. "The host was redirected to a subdomain of Azure. However this subdomain wasn't registered with Azure." Bock registered this subdomain on his Azure account and is currently sinkholing any requests it receives. He also notified Microsoft of the issue but said the company did not reply. "We won't keep the host registered permanently. There's a decent amount of traffic reaching this host and running up costs," the researcher said. "Once we cancel the subdomain a bad actor could register it and abuse it for malicious attacks," he warned.
It may not be an entirely accurate word to use, but at the time of writing Microsoft was NOT in control of what their OS was obtaining from that address. They hadn't lost control of the domain, but they had lost control of the content.
-=This sig has nothing to do with my comment. Move along now=-
It appears Slashdot has deleted APK's thread about vulnerabilities affecting some ad blocking browser extensions. While it's a bit off-topic and he did make a bogus allegation that whipslash doesn't want to be embarrassed about hosts, there was no good reason to delete the thread.
I despise APK and, in fact, he's been demanding my name and address so he can fracture my skull. Yes, he made that specific threat. Despite him being a complete asshole and nutjob, his comments in this story didn't deserve to be deleted. They weren't threatening anyone, nor were they even that disruptive.
No, the comments weren't moderated. They were deleted. There was a thread and other users had started commenting in the thread before an editor deleted it. Slashdot has been deleting comments routinely over the past several months.
CmdrTaco was apologetic when he had to delete a scientology comment because of a DMCA takedown request. He believed in the principle of free speech, which is why that comment was one of the few times he ever deleted a comment. The other times were when comments exploited vulnerabilities in Slashdot's code to break the rendering of the site. Comment deletion was rare because CmdrTaco believed in free speech and that moderation was sufficient. Those principles are lost on the current ownership.
I don't believe that whipslash is directly responsible for deleting comments. He rarely posts stories and doesn't seem to care about this site. He's a bean counter who hasn't kept his promises to improve Slashdot. This is probably one or more of the other editors deleting comments.
And no, this isn't some noble effort to rid the comment section of spam. They don't seem to delete the antisemitic diatribes or swastika ASCII art that shows up routinely. They don't delete the posts that regularly harass SuperKendall, raymorris, and ShanghaiBill. Comment deletion is very arbitrary and there seems to be no standard for why comments get deleted. Most of the truly offensive posts, like the antisemitic manifestos, almost never get deleted. Even when I flag those posts, it's very rare that anything happens. It's entirely possible that the option to report posts is a placebo and does nothing at all, especially because the management won't release the source that currently runs this site so we can see what reporting posts does.
Instead of deleting posts for no apparent reason, the editors could moderate them to -1. The editors have unlimited mod points. Better yet, they could fix the problems with this site, including many bugs that have been around for months or years. They could focus on posting better stories. But apparently it's more important to pretend to police the comments a la TSA's security theatre. Comment quality isn't improving and Slashdot continues to be a complete joke.