Microsoft buys corp.com to save Windows users from cybercriminals

In February this year, KrebsOnSecurity told the story of Mike auctioning off the domain corp.com at a starting price of $1.7 million.

IANS
Last Updated: Apr 08 2020 | 11:39 AM IST

Microsoft Corporation has agreed to buy the domain corp.com from a private owner for an undisclosed sum, in an effort to prevent cybercriminals from abusing it owing to a problem known as "namespace collision".

According to KrebsOnSecurity, a blog run by journalist Brian Krebs, Microsoft has bought the domain from its Wisconsin-based owner Mike O'Connor "in a bid to keep it out of the hands of those who might abuse its awesome power".

"We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain," the company said in a statement.

Mike bought corp.com 26 years ago and hoped Microsoft would buy it someday because "hundreds of thousands of confused Windows PCs are constantly trying to share sensitive data with corp.com".

A "namespace collision" is a situation in which domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.

"Early versions of Windows actually encouraged the adoption of insecure settings that made it more likely Windows computers might try to share sensitive data with corp.com," said the report.

In February this year, KrebsOnSecurity told the story of Mike auctioning off the domain corp.com at a starting price of $1.7 million. However, O'Connor did not disclose how much Microsoft finally paid him for corp.com.

Domain security experts call corp.com dangerous because whoever has it would have access to an "unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe".

Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called 'Active Directory'.

A core part of the way these things find each other involves a Windows feature called "DNS name devolution".

In early versions of Windows that supported 'Active Directory', the default or example Active Directory path was given as "corp," and many companies apparently adopted this setting without modifying it to include a domain they controlled.

"In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this 'corp' designation for its Active Directory domain," the Krebs report elaborated.

Over the years, Microsoft has released several software patches to help tackle "namespace collisions".

 
