21 votes

Dangerous Domain Corp.com Goes Up for Sale

11 comments

  1. [4]
    rkcr
    I'm pretty aghast that Microsoft could prevent a huge security leak they caused for what amounts to pocket change for them, but is refusing to do so. Hopefully this article will drive them to some action.

    10 votes
    1. [3]
      LukeZaz
      On the same note though, I don't get why the guy selling the domain doesn't just ... not sell it to the bad actors he's so worried will buy it? He mentions that he won't give it to Microsoft for free because "Microsoft should stand up and shoulder the burden for their mistake", which I rather understand, but holding Microsoft accountable shouldn't come at the expense of everyone who's been put at risk by their mistake.

      As for keeping it himself, he says he's "basically auctioning off a chemical waste dump", which I don't get; as far as I'm aware, the only thing he would need to do to keep the domain is pay a periodic fee, and given that by his own admission he doesn't need the money, I don't really understand why that would be an issue.

      9 votes
      1. rkcr
        I have trouble taking at face value what the owner of corp.com is saying. I suspect he's in it for the money much more than he lets on, otherwise giving it to Microsoft for free would be best.

        That said, given its potential for harvesting live logins, it's worth well over the $1.7 million he's asking for, and Microsoft can easily afford it (since their revenue is in the tens of billions).

        14 votes
      2. teaearlgraycold
        If he isn't lying about his apathy for the money then the guy is an anarchist. But this really does just feel like a negotiation tactic.

        Microsoft doesn't want the bad PR and lost revenue from their paying customers. Many nations would love to own this domain for both corporate and governmental espionage. Who wins? If the terms of the auction allow O'Connor to be selective on who's allowed to get the domain then he runs no actual risk here. He's just making Microsoft sweat.

        5 votes
  2. [6]
    Akir
    Sometimes I'm amazed at how many idiot-level security mistakes Microsoft has managed to push out into the world.

    As far as Microsoft mistakes go, this one is only slightly lower than AutoPlay, the Windows "feature" that would automatically run arbitrary software whenever you inserted a CD.

    7 votes
    1. [2]
      DonkeySlingshot
      I think it's impossible for any company with tens of thousands of employees and millions of lines of code to not mess up every now and then, mistakes will happen when there are so many people involved.

      It does seem like Microsoft is particularly inept, though.

      2 votes
      1. Akir
        These aren't bugs, they are there by design.

        I have no doubt that someone must have spoken up about these poorly designed features, but someone higher up decided that it was more worthwhile to leave the security holes open.

        1 vote
    2. [3]
      TheJorro
      Was Autoplay ever inconfigurable? I always remembered it asking me what I wanted it to do per device I plugged in.

      1 vote
      1. [2]
        pseudolobster
        In win95/98 it was on by default. My memory's a bit foggy but I think that might also be the case for XP SP1, maybe SP2. I do know they added the prompt sometime during XP's lifetime.

        1 vote
        1. Akir
          I believe the prompt was introduced in SP1 if not the very release of XP. Autoplay was disabled by default in Vista sometime later. In any case, the prompt still defaulted to running the application, and you could also check a box to automatically do whichever option you chose.

          2 votes
  3. teaearlgraycold
    The article doesn't say - why would Active Directory assume a specific ICANN TLD for the network name? Granted, once you are assuming one then .com is the most logical choice. But there's a big difference between corp. and corp.com.

    3 votes