Earlier this year, the domain corp.com went on sale, being sold through an auction by a private citizen. While selling of a domain is an everyday occurrence, this was different. The $1.7 million starting price showed this was a valuable domain. The reason is many experts believe corp.com is dangerous. In response, Microsoft has purchased the domain to stop it getting into the wrong hands.
According to security experts, testing showed the owner of the corp.com domain would be able to access a limitless supply of passwords, email data, and other information from Microsoft’s Windows PCs. This information would be accessible from individuals and major organizations alike.
Microsoft Corp. says it decided to buy the domain to stop it being used by bad actors. Mike O’Connor has owned the corp.com domain for 26 years and has not really used it. He said he wanted Microsoft to buy the domain.
Many Windows users are confusing corp.com with a Microsoft-owned site and are sharing their credentials. This is caused by the so-called “namespace collision” which happened when domain names designed for internal use overlap with domains in the public space.
Windows machines leverage Microsoft’s Active Directory to validate internal machines. Problematically, early Windows versions had a default to Active Directory that was called “corp”. Many companies adopted this default without changing it and it has since stayed the same. In other words, many companies based their internal validation framework on the term “corp”.
For a long time, this was not a problem because employees were locked into the corporate network for the most part. However, as computing became more portable and Wi-Fi opened up the ability to work from anywhere (including unsecured networks), the issue has grown.
In terms of corp.com, this meant many users would erroneously send their information to the domain, believing it was the internal network.
O’Connor says he has managed the domain for years without really changing it but is too old to handle the “mess” moving forward. Microsoft says it purchased the domain for the wellbeing of users:
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names,” the statement reads. “We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”