Microsoft Corp finally agreed earlier this week to acquire corp.com, a domain that poses security risks to Microsoft users due to a namespace collision issue.
In February, security researcher Brian Krebs noted that the owner of corp.com was ready to sell the sensitive domain that’s been on Microsoft’s mind for years. The starting bid was $1.7 million, and Microsoft sealed the deal with owner Mike O’Connor for an undisclosed amount.
So how can a domain name become a headache for Microsoft? Because this domain exists outside of a corporate setting, it can collide with internal company networks that use ‘corp.com’ as the default domain name.
As Krebs explains, “whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this ‘corp’ designation for its Active Directory domain.”
For years, the domain was receiving a steady flow of passwords, emails and other sensitive information from companies using Microsoft Windows PCs. Had it wound up in the hands of cyber criminals, the damage could have been devastating.
Back in 2019, security expert Jeff Schmidt conducted a study on DNS namespace collisions, and corp.com was one of the domains that participated in the study. During the analysis, Schmidt discovered that more than 375,000 Windows PCs were trying to send information to this domain and attempting to log in to internal corporate networks.
“After about an hour we received in excess of 12 million emails and discontinued the experiment,” Schmidt said. “While the vast majority of the emails were of an automated nature, we found some of the emails to be sensitive and thus destroyed the entire corpus without further analysis.”
Although Microsoft released various patches over the years to help cut back on namespace collision security risks, corp.com was still receiving a lot of traffic. Microsoft’s current investment seems to be the wisest way to help contain leaking data.
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names,” a Microsoft representative said in a written statement to Krebs. “We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”