Microsoft Buys corp.com So Attackers Can’t

What you need to know

• Microsoft acquired the corp.com domain.
• Due to security reasons, the domain could be used to obtain people’s passwords, emails, and other personal details from Windows PCs.
• Microsoft didn’t disclose for how much it purchased the domain for, though the owner had put it up for sale for $1.7 million.

Microsoft bought the corp.com domain recently in a bid to protect Windows users’ passwords, emails, and sensitive data. In February, KrebsOnSecurity first reported on the story of a private citizen auctioning off the high-risk domain corp.com for the starting price of $ 1.7 million.

According to security experts, corp-com domain is considered dangerous because years of testing had indicated that whoever own it would have access to a vast stream of password, emails and other private data from hundreds to thousands Microsoft Windows PCs located at major companies across the globe.

The sensitivity of the domains is based on the premise that if admins set up active directory using a generic name, in this case, corp.com, then corp.com could be used to obtain the users’ personal data in the latest Windows 10 releases as well as previous releases.

The domain’s old owner, Mike O’Connor, was asking for $1.7 million for the domain that he purchased 26 years ago, as reported by KrebsOnSecurity.

In its story covering the auction of the domain, KrebsOnSecurity did expain why the domain is so important:

 In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this ‘corp’ designation for its Active Directory domain.

Microsoft disclosed the purchase to purchase to ZDNet and explained some other steps it took for in order to guarantee people’s security:

To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.

However, ZDNet’s Mary Jo Foley asked how much Microsoft purchased the domain for; but Microsoft did not disclose the amount they spent on the corp.com domain.