Microsoft buys corp.com to save it from criminals

Microsoft October 2 event
(Image credit: StockStudio / Shutterstock)

Microsoft has agreed to buy the domain corp.com in an effort to prevent others from abusing it for their own gain.

Back in February, KrebsOnSecurity reported on the story of a private citizen who decided to auction off the domain in question at a starting price of $1.7m. 

The domain corp.com is considered dangerous because of the fact that years of testing have revealed that whoever controls it will have access to an endless stream of passwords, email and other sensitive data from hundreds of thousands of Windows PCs at companies around the world.

In its initial report, KrebsOnSecurity explained that namespace collision is what makes the domain so dangerous, saying:

“At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.”

Corp.com sale

26 years ago Mike O'Connor first purchased corp.com but he has done little with it since then as he hoped Microsoft would eventually buy it because Windows PCs are constantly trying to share sensitive data with the domain.

The software giant has finally agreed to buy the domain from O'Connor but he isn't allowed to discuss the terms of the deal including how much he received from the sale. In a written statement, Microsoft confirmed that it has acquired corp.com in an effort to protect its customers, saying:

“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”

The company has released several software updates over the years in order to decrease the likelihood of namespace collisions that could end up creating security problems for companies which still rely on Active Directory domains that do not map to a domain they control. However, vulnerable organizations have not deployed these fixes as they would require them to take down their entire Active Directory Network simultaneously for some time and they could also break or slow down applications that these organizations rely on for their day-to-day operations.

Thankfully, now that Microsoft has purchased the domain, companies that built Active Directory infrastructures on top of “corp” or “corp.com” will be protected.

Via KrebsOnSecurity

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.