According to a report by Krebs On Security, Microsoft is buying the old domain name “Corp.com” in an attempt to boost the security of the users.
For over 26 years, the domain was owned by Mike O’Conner, who held an auction for the same in February with an opening bid of $1.7 million.
O’Conner confirmed that Microsoft has agreed upon the deal but didn’t reveal the amount of purchase or made any further comments. He wanted Microsoft to get hold of Corp.com since he hasn’t been able to do much with it all these years.
Interestingly, O’Conner was an early adopter of the internet. He didn’t waste time in purchasing domains such as television.com, bar.com, pub.com, place.com, etc. He has sold some of these over the years.
Why is Corp.com a security threat?
Corp.com has been in question for a long time as it poses security risks for Windows-powered machines deployed in corporate networks. A Windows feature called DNS name devolution works alongside the Active Directory service and allows PCs connected to a corporate network to be easily identified.
The problem lies in the fact that older Windows versions (like Windows Server 2000) used “Corp” as the default path for the Active Directory, which in turn, created all the chaos.
Various organizations didn’t care to change it and continued building their infrastructure on top of it. Little did they know that it would turn into a security threat one day.
Now, the story is all good until an employee is working inside the organization. But the problem occurs when their machine goes out in the open, for instance, a coffee shop, and tries to connect to the Corp domain.
What happens here is called ‘namespace collision,’ as the default domain Corp overlaps with Corp.com which is present on the open internet. This, in turn, would lead the confused machine into sending sensitive data to Corp.com because of the way things work.
So, whoever owns Corp.com can check out the stuff and maybe do evil deeds if they’re a bad person. Thankfully, O’Conner isn’t one of them.
One thing to note here is that the feature was designed at a time when people mostly used heavy desktop machines in their offices. Taking their computer out for a picnic was the last thing they could imagine.
A lot of testing has been done over the years, revealing that Corp.com receives a concerning amount of love from Windows machines across the globe. Back in 2019, security researcher Jeff Schmidt analyzed the domain for eight months and concluded that over 375,000 Windows PCs tried to connect to the domain and send data.
Microsoft has finally bought Corp.com
Microsoft acknowledged this problem back in 2009 and released a couple of patches to fix it. But the ballooning size of the corporate networks made the affected organizations reluctant in deploying the patches.
It required them to make their Active Directory network offline for a while, and there were chances that the patches would likely break a couple of important applications. Hence, not deploying the patches was considered safer after weighing the risks involved.
Over the years, Microsoft continued to release software updates to make things better. Now, the Windows-maker has taken the Corp.com domain in its own hands and hopefully solved the problem once and for all.
However, the company has a history of abandoning unused domains. Let’s see, for now how long it pays attention to this one.
