Microsoft Snaps Up Dangerous Domain to Protect Customers

Microsoft has purchased, a domain that tests have shown is allowing users to erroneously hand over their credentials.

Microsoft Logo Wikipedia

Earlier this year, the domain went on sale, being sold through an auction by a private citizen. While selling of a domain is an everyday occurrence, this was different. The $1.7 million starting price showed this was a valuable domain. The reason is many experts believe is dangerous. In response, has purchased the domain to stop it getting into the wrong hands.

According to experts, testing showed the owner of the domain would be able to a limitless supply of passwords, email data, and other information from 's PCs. This information would be accessible from individuals and major organizations alike.

Microsoft Corp. says it decided to buy the domain to stop it being used by bad actors. Mike O'Connor has owned the domain for 26 years and has not really used it. He said he wanted Microsoft to buy the domain.

Many users are confusing with a Microsoft-owned site and are sharing their credentials. This is caused by the so-called “namespace collision” which happened when domain names designed for internal use overlap with domains in the public space.

Windows machines leverage Microsoft's Active Directory to validate internal machines. Problematically, early Windows versions had a default to Active Directory that was called “corp”. Many companies adopted this default without changing it and it has since stayed the same. In other words, many companies based their internal validation framework on the term “corp”.

For a long time, this was not a problem because employees were locked into the corporate network for the most part. However, as computing became more portable and Wi-Fi opened up the ability to work from anywhere (including unsecured networks), the issue has grown.

In terms of, this meant many users would erroneously send their information to the domain, believing it was the internal network.

Moving On

O'Connor says he has managed the domain for years without really changing it but is too old to handle the “mess” moving forward. Microsoft says it purchased the domain for the wellbeing of users:

“To help in keeping systems protected we encourage customers to practice safe habits when planning for internal domain and network names,” the statement reads. “We released a security advisory in June of 2009 and a security that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the domain.”