What you need to know
- Microsoft purchased the corp.com domain.
- The domain could be used to obtain people's passwords, emails, and other data from Windows PCs.
- Microsoft did not disclose how much it purchased the domain for, though the old owner was asking for $1.7 million.
The domain is important because if admins set up Active Directory with a generic name, in this case, corp.com, then the corp.com domain could be used to obtain people's sensitive data. The domain's old owner, Mike O'Connor, wanted $1.7 million for the domain that he purchased 26 years ago, as reported by KrebsOnSecurity.
In its post covering the auction of the domain, KrebsOnSecurity explained why the domain is so important:
In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this 'corp' designation for its Active Directory domain.
Microsoft confirmed the purchase to ZDNet and explained some other steps it took for people's security:
To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.
ZDNet's Mary Jo Foley asked how much Microsoft spent on the domain. Microsoft did not disclose the purchase amount.
