
Microsoft Loses Control Over Windows Tiles Subdomain (zdnet.com)

Microsoft has lost control over a crucial subdomain that Windows 8 and Windows 10 use to deliver RSS-based news and updates to Live Tiles -- animated Windows start menu items. From a report: The subdomain (notifications.buildmypinnedsite.com) is currently under the control of Hanno Bock, a security researcher and journalist for German tech news site Golem.de. The subdomain was part of the buildmypinnedsite.com service that Microsoft set up with the launch of Windows 8, and more specifically to allow websites to show live updates inside users' Start pages and menus.

[...] Today Bock said the service no longer works. "The host that should deliver the XML files -- notifications.buildmypinnedsite.com -- only showed an error message from Microsoft's cloud service Azure," the researcher said. "The host was redirected to a subdomain of Azure. However this subdomain wasn't registered with Azure." Bock registered this subdomain on his Azure account and is currently sinkholing any requests it receives. He also notified Microsoft of the issue but said the company did not reply. "We won't keep the host registered permanently. There's a decent amount of traffic reaching this host and running up costs," the researcher said. "Once we cancel the subdomain a bad actor could register it and abuse it for malicious attacks," he warned.
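
The failure described in the summary above is a dangling CNAME: the DNS record outlives the cloud resource it points to, so whoever registers that resource name next receives the traffic. As an added example (not from the article, the researcher or Microsoft), this Python script audits a zone export of your own domain for that condition; the suffix list, the zone contents and every host name in it are constructed placeholders.

```python
import socket

# Azure suffixes under which a customer chooses the left-hand label.
# Illustrative, not exhaustive (assumption of this example).
CLAIMABLE_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.net",
    ".cloudapp.azure.com",
    ".trafficmanager.net",
)

# Constructed zone export; every name below is a placeholder.
SAMPLE_ZONE = """\
notifications.example.com. 3600 IN CNAME placeholder-retired-app.azurewebsites.net.
www.example.com.           3600 IN CNAME placeholder-live-app.azurewebsites.net.
docs.example.com.          3600 IN CNAME docs.example.net.  ; external vendor
mail.example.com.          3600 IN A     192.0.2.10
"""

def system_resolves(name):
    """True if the system resolver returns any address for name.
    Any lookup failure counts as unresolved, so confirm findings by hand."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME record in a zone-file export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields[1:-1]:
            target = fields[fields.index("CNAME", 1) + 1]
            yield fields[0].rstrip(".").lower(), target.rstrip(".").lower()

def audit(zone_text, resolves=system_resolves):
    """Return (owner, target, severity) for CNAMEs whose target does not resolve."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if resolves(target):
            continue
        # An unresolved name under a claimable suffix can be registered by anyone.
        severity = "high" if target.endswith(CLAIMABLE_SUFFIXES) else "review"
        findings.append((owner, target, severity))
    return findings

if __name__ == "__main__":
    # Offline demo: pretend only the live app still exists.
    live = {"placeholder-live-app.azurewebsites.net"}
    for finding in audit(SAMPLE_ZONE, resolves=lambda n: n in live):
        print(*finding)
```

Call `audit(zone_text)` without the `resolves` argument to check real records with the system resolver; a "high" finding is fixed by deleting the CNAME or repointing it at a resource you still own.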

  • by olsmeister ( 1488789 ) on Wednesday April 17, 2019 @09:43AM (#58448922)
    I love seeing ads every time I click the Start menu!
  • by rsilvergun ( 571051 ) on Wednesday April 17, 2019 @09:48AM (#58448952)
    to the 8 people who use windows live tiles. Once that researcher has control of Suzy Pottingblock of West Virginia's Mid 2000s Pentium 4 based computer and her recipe for egg salad (to say nothing of her extensive collection of crochet stitches) he will dominate the world's potlucks. And as we all know that's the first step to world conquest. Alexander the Great taught us that much.
    • by Nidi62 ( 1525137 )

      to the 8 people who use windows live tiles. Once that researcher has control of Suzy Pottingblock of West Virginia's Mid 2000s Pentium 4 based computer and her recipe for egg salad (to say nothing of her extensive collection of crochet stitches) he will dominate the world's potlucks. And as we all know that's the first step to world conquest. Alexander the Great taught us that much.

      Yeah, but have you had that egg salad though? Worth it!

  • by Anonymous Coward

    Look at the incompetence of a business that has to convince people to give it resources.

    How much dumber and more dangerous would a government then be, given that a government just decrees its income regardless of performance? (Indeed, the worse a government performs, the more income it demands!)

    Our best people do not aspire to be in government, to boot. Always keep this in mind when you read stories like this.

  • by Anonymous Coward

    The German police will be arresting him soon. He had the audacity to screw with a major corporation. His days are numbered.

    • by Anonymous Coward

      You don't seem to understand. He actually saved them, and the world. If he hadn't grabbed this, criminals would have and redirected it to serve up viruses to anyone using live tiles, which is.... almost everyone using a modern Windows right now. In addition, he contacted them to let them know about the issue and offered it back to them. But, they ignored his request. It is becoming expensive for him to continue hosting the service because of the vast number of incoming connections. He is warning the world h

  • Microsoft operates buildmypinnedsite.com, so what would be so hard about them just reclaiming it, especially now that this is in the news?
  • by Anonymous Coward

    Microsoft has not lost control over the domain. It's still Microsoft's domain. It points to an Azure domain where they operated the service, and that's gone, so someone else was able to get their server up and running at the address that the domain points to. Microsoft can and should change the domain to point to nowhere or to one of their own servers.

  • by thegarbz ( 1787294 ) on Wednesday April 17, 2019 @10:45AM (#58449230)

    Why do companies insist on directing their traffic all over the internet? Microsoft is in control of www.microsoft.com. Why is there any reason for any service not to be the result of a wholly in control of the company sub-domain of this website?

    This isn't the first time a major organisation has registered an absolutely stupid sounding domain with no direct link to any of their products (read: IP that would offer them some protection from domain theft) only to let it lapse and go to someone else. Hell it's not even the first time Microsoft has done it.

    • by pjt33 ( 739471 )

      Security. By using a separate domain you create different contexts for cookies, HSTS configuration, etc.

    • by Megane ( 129182 )

      Any domain with "my" in its name is marketroid trash anyhow and should be burned with fire. They also usually tend to be the first ones that get abandoned once the PHBs behind them get captivated by a new squirrel.

      (For the pedants out there, that's "my" as the pronoun, not an arbitrary sub-string. Yes, myspace counts.)

  • by Anonymous Coward

    It appears Slashdot has deleted APK's thread about vulnerabilities affecting some ad blocking browser extensions. While it's a bit off-topic and he did make a bogus allegation that whipslash doesn't want to be embarrassed about hosts, there was no good reason to delete the thread.

    I despise APK and, in fact, he's been demanding my name and address so he can fracture my skull. Yes, he made that specific threat. Despite him being a complete asshole and nutjob, his comments in this story didn't deserve to be de

  • hello.jpg on a million desktops
