That may still make people uncomfortable, but it seems much less egregious than Microsoft taking control of No-IP's domains, which is what this press release implies.
Edit: the reuters article is in error here, not the Microsoft Blog. See below. Turns out this really is as egregious as it sounds.
This is simply a side-effect of how DNS updates. The data is propagating right now, as the root nameservers for the .biz tld are already returning the Microsoft DNS servers as the correct response. The TTL for the root appears to be a day, so you should see this everywhere in 14 hours from this post.
Ha. Good point. This was done at work, where we use MS Server's DNS.
<strike>I'm not sure if this is an artifact of our longer TTL, if MS is updating MS server DNS entries, or something else. Either way, at some point in time or in certain places, traffic resolved by no-ip was/is under Microsoft control.</strike>
EDIT: Looks like it may actually be a result of our shorter TTL, since google DNS appears to have 5.7 hours left on their records for no-ip.
Confirmed by a couple queries to the {a..k}.gtld.biz nameservers.
Microsoft has been doing more and more of this stuff lately, and it does start to worry me quite a bit. The last time they worried me was when "Microsoft shut down a million-strong Tor botnet, by uninstalling Tor from the computers".
I don't want Microsoft to have that kind of power, let alone use it. Worse yet, they make it sound like it's some kind of PR win for them. "Microsoft the hero, takes down evil network". But they usually try to hide how they did it. Very few articles mentioned they were uninstalling Tor from the computers the last time around. Most were just churning Microsoft's press release and the hero narrative.
> The last time they worried me was when "Microsoft shut down a million-strong Tor botnet, by uninstalling Tor from the computers"
They did not uninstall Tor. They disabled it. More importantly, this Tor was NOT installed by the user of the computer. It was installed by the malware for its own use, without the knowledge of the computer user [1].
> I don't want Microsoft to have that kind of power, let alone use it
Actually, if you are running anti-malware software, you DO want them to have this power, as finding and disabling things that malware has installed on your computer is the whole point of anti-malware software.
It is almost like giving one company monopoly control of the personal computer industry through a proprietary OS nobody can audit might not be the best plan.
>The last time they worried me was when "Microsoft shut down a million-strong Tor botnet, by uninstalling Tor from the computers".
>Very few articles mentioned they were uninstalling Tor from the computers the last time around. Most were just churning Microsoft's press release and the hero narrative.
Microsoft's security software did that, that too only stopped it from automatically starting if it was installed by a known virus. So if you install and run a virus scanner, why wouldn't you expect it to block such attacks?
If you didn't want it to do that, I am sure there are ways to opt out from using Microsoft's security tools. Were there any reports of legitimate Tor users getting affected by the action?
Debatable. When you install it and agree to the Terms and EULA you agree to allow Microsoft to uninstall software that it deems as malicious. I don't know if that means the tool is malicious.
Most people don't read EULAs. Caveat installing users.
Same here, I was confused this afternoon when my home vpn hosted on a servebeer.com subdomain wouldn't connect. Now it makes a lot more sense, but I'm left with a very bad taste in my mouth.
I'd like to see that on a global TLD. If you mean that any arbitrary country can seize a TLD belonging to that country, then yeah I guess you are right. You can always get a distributed TLD but then you have the problem of them not being resolvable unless the PC you are at is correctly configured.
http://uk.reuters.com/article/2014/06/30/us-cybercrime-micro...
That may still make people uncomfortable, but it seems much less egregious than Microsoft taking control of No-IP's domains, which is what this press release implies.
Edit: the reuters article is in error here, not the Microsoft Blog. See below. Turns out this really is as egregious as it sounds.