Re: Oh dear, they STILL haven't figured out how dangerous this is!
I suspect that what is meant is that if you poke a dead/vulnerable alias, it will either not respond, or respond with a standard message effectively saying "no such website here", so is probably ripe for hijacking.
Any other response from the URL poked means it is still in use by "something", so they skip to the next possibility.
For MS, any such responding DNS entries are targets for removal.
The article is not about finding already compromised sub-domains, but about preventing future compromises from stale DNS records, though some sort of hunt and destroy for such is probably needed.