Microsoft has agreed to buy the domain corp.com in an effort to prevent others from abusing it for their own gain.
Back in February, KrebsOnSecurity reported on the story of a private citizen who decided to auction off the domain in question at a starting price of $1.7m.
The domain corp.com is considered dangerous because of the fact that years of testing have revealed that whoever controls it will have access to an endless stream of passwords, email and other sensitive data from hundreds of thousands of Windows PCs at companies around the world.
- Microsoft detects new Evil Corp malware attacks
- Microsoft reveals new code integrity feature for Linux
- Also check out our roundup of the best domain registrars
In its initial report (opens in new tab), KrebsOnSecurity explained that namespace collision is what makes the domain so dangerous, saying:
“At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.”
26 years ago Mike O'Connor first purchased corp.com but he has done little with it since then as he hoped Microsoft would eventually buy it because Windows PCs are constantly trying to share sensitive data with the domain.
The software giant has finally agreed to buy the domain from O'Connor but he isn't allowed to discuss the terms of the deal including how much he received from the sale. In a written statement, Microsoft confirmed that it has acquired corp.com in an effort to protect its customers, saying:
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”
The company has released several software updates over the years in order to decrease the likelihood of namespace collisions that could end up creating security problems for companies which still rely on Active Directory domains that do not map to a domain they control. However, vulnerable organizations have not deployed these fixes as they would require them to take down their entire Active Directory Network simultaneously for some time and they could also break or slow down applications that these organizations rely on for their day-to-day operations.
Thankfully, now that Microsoft has purchased the domain, companies that built Active Directory infrastructures on top of “corp” or “corp.com” will be protected.
- We've also highlighted the best web hosting services
Via KrebsOnSecurity (opens in new tab)