Microsoft buys corp.com to save it from criminals
Windows PCs are sending sensitive information to the domain even though it isn’t owned by Microsoft
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas agreed to buy the domain corp.com in an effort to prevent others from abusing it for their own gain.
Back in February,KrebsOnSecurityreported on the story of a private citizen who decided to auction off the domain in question at a starting price of $1.7m.
The domain corp.com is considered dangerous because of the fact that years of testing have revealed that whoever controls it will have access to an endless stream of passwords, email and other sensitive data from hundreds of thousands ofWindows PCsat companies around the world.
In itsinitial report,KrebsOnSecurityexplained that namespace collision is what makes the domain so dangerous, saying:
“At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.”
Corp.com sale
26 years ago Mike O’Connor first purchased corp.com but he has done little with it since then as he hopedMicrosoftwould eventually buy it because Windows PCs are constantly trying to share sensitive data with the domain.
The software giant has finally agreed to buy the domain from O’Connor but he isn’t allowed to discuss the terms of the deal including how much he received from the sale. In a written statement, Microsoft confirmed that it has acquired corp.com in an effort to protect its customers, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”
The company has released several software updates over the years in order to decrease the likelihood of namespace collisions that could end up creating security problems for companies which still rely on Active Directory domains that do not map to a domain they control. However, vulnerable organizations have not deployed these fixes as they would require them to take down their entire Active Directory Network simultaneously for some time and they could also break or slow down applications that these organizations rely on for their day-to-day operations.
Thankfully, now that Microsoft has purchased the domain, companies that built Active Directory infrastructures on top of “corp” or “corp.com” will be protected.
ViaKrebsOnSecurity
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Anker Nebula Mars 3 review: A powerful and truly portable projector
