
Weirdest Bug Bounty – Getting PII from Office365 - mbaye
https://medium.com/@omaidfaizyar/my-weirdest-bug-bounty-getting-pii-from-o365-b4477f4739e
======
ipython
I'm confused about the NTLM hashes - so it sounds like there is some service
that contacts the auto-generated GUID domain and sends legit SMB traffic to
it? That seems really odd? I'd be curious to hear more about that.

------
maallooc
Wow. That’s textbook bad engineering. Could’ve done guid.nonexistanttld but
they just had to do guid.com!

~~~
RL_Quine
Well, history has shown that you can't expect a non-existing TLD to keep not
existing. The design industry got burned using .xxx as a placeholder in
designs, when that suddenly started resolving people's placeholders all linked
to porn.

~~~
contravariant
The TLD 'invalid' is guaranteed to remain, well, invalid.

