Security researcher Brian Krebs reported on April 7 that Microsoft has purchased the dangerous domain corp.com to keep it out of the hands of the bad guys. Microsoft is confirming the purchase, but so far hasn’t disclosed the price. (I asked.)
Krebs noted in February that Mike O’Connor, who had bought corp.com 26 years ago, was auctioning the domain off for a starting price of $1.7 million. The domain is problematic because it could provide its owner with passwords, email and other sensitive data from Windows PCs in companies where admins used a generic domain name (corp.com) to represent the idea of any domain when setting up Active Directory.
As Krebs explained in February:
“In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this ‘corp’ designation for its Active Directory domain.”
A Microsoft spokesperson sent me the following when I asked about corp.com:
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”
Krebs cautioned that companies who have tied their internal Active Directory networks to any domains they don’t own — not just corp.com — are putting themselves in jeopardy from a security standpoint.