Skip to main content

Microsoft buys to save it from criminals

Microsoft October 2 event
(Image credit: StockStudio / Shutterstock)
Audio player loading…

Microsoft has agreed to buy the domain in an effort to prevent others from abusing it for their own gain.

Back in February, KrebsOnSecurity reported on the story of a private citizen who decided to auction off the domain in question at a starting price of $1.7m. 

The domain is considered dangerous because of the fact that years of testing have revealed that whoever controls it will have access to an endless stream of passwords, email and other sensitive data from hundreds of thousands of Windows PCs at companies around the world.

In its initial report, KrebsOnSecurity explained that namespace collision is what makes the domain so dangerous, saying:

“At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.” sale

26 years ago Mike O'Connor first purchased but he has done little with it since then as he hoped Microsoft would eventually buy it because Windows PCs are constantly trying to share sensitive data with the domain.

The software giant has finally agreed to buy the domain from O'Connor but he isn't allowed to discuss the terms of the deal including how much he received from the sale. In a written statement, Microsoft confirmed that it has acquired in an effort to protect its customers, saying:

“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the domain.”

The company has released several software updates over the years in order to decrease the likelihood of namespace collisions that could end up creating security problems for companies which still rely on Active Directory domains that do not map to a domain they control. However, vulnerable organizations have not deployed these fixes as they would require them to take down their entire Active Directory Network simultaneously for some time and they could also break or slow down applications that these organizations rely on for their day-to-day operations.

Thankfully, now that Microsoft has purchased the domain, companies that built Active Directory infrastructures on top of “corp” or “” will be protected.

Via KrebsOnSecurity

After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.