In February this year, KrebsOnSecurity told the story of Mike auctioning
off domain corp.com for the starting price of $1.7 million.

Microsoft Corporation
has agreed to buy the domain corp.com from a private owner for an undisclosed
sum, in an effort to prevent cybercriminals from abusing it owing to a problem
known as "namespace collision".
According to
KrebsOnSecurity, a blog run by journalist Brian Krebs, Microsoft has bought the domain from its Wisconsin-based owner Mike O'Connor "in a bid
to keep it out of the hands of those who might abuse its awesome power".
"We released a security advisory in June of 2009 and a security update
that helps keep customers safe. In our ongoing commitment to customer security,
we also acquired the Corp.com domain," the company said in a statement.
Mike bought corp.com 26
years ago and hoped Microsoft would buy it someday because
"hundreds of thousands of confused Windows PCs are constantly trying to
share sensitive data with corp.com".
The "namespace
collision" is a situation where domain names intended to be used
exclusively on an internal company network end up overlapping with domains that
can resolve normally on the open Internet.
"Early versions of
Windows actually encouraged the adoption of insecure settings that made it more
likely Windows computers might try to share sensitive data with corp.com,"
said the report.
In February this year,
KrebsOnSecurity told the story of Mike auctioning off domain corp.com for the
starting price of $1.7 million. However, he did not declare how much Microsoft
finally paid him for corp.com.
Domain security experts call
corp.com dangerous because whoever has it would have access to an
"unending stream of passwords, email and other sensitive data from
hundreds of thousands of Microsoft Windows PCs at major companies around the
globe".
Windows computers on an
internal corporate network validate other things on that network using a
Microsoft innovation called 'Active Directory'.
A core part of the way these
things find each other involves a Windows feature called "DNS name
devolution".
In early versions of Windows
that supported 'Active Directory, the default or example Active Directory path
was given as "corp," and many companies apparently adopted this
setting without modifying it to include a domain they controlled.
"In practical terms,
this means that whoever controls corp.com can passively intercept private
communications from hundreds of thousands of computers that end up being taken
outside of a corporate environment which uses this "corp" designation
for its Active Directory domain,' the Krebs report elaborated.
Over the years, Microsoft
has released several software patches to help tackle "namespace
collisions".
No comments:
Post a Comment