Thursday, April 9, 2020

Microsoft buys to save Windows users from cybercriminals

In February this year, KrebsOnSecurity told the story of Mike auctioning off domain for the starting price of $1.7 million.


Microsoft Corporation has agreed to buy the domain from a private owner for an undisclosed sum, in an effort to prevent cybercriminals from abusing it owing to a problem known as "namespace collision".

According to KrebsOnSecurity, a blog run by journalist Brian Krebs, Microsoft  has bought the domain from its Wisconsin-based owner Mike O'Connor "in a bid to keep it out of the hands of those who might abuse its awesome power".
"We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the domain," the company said in a statement.

Mike bought 26 years ago and hoped Microsoft would buy it someday because "hundreds of thousands of confused Windows PCs are constantly trying to share sensitive data with".

The "namespace collision" is a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.

"Early versions of Windows actually encouraged the adoption of insecure settings that made it more likely Windows computers might try to share sensitive data with," said the report.

In February this year, KrebsOnSecurity told the story of Mike auctioning off domain for the starting price of $1.7 million. However, he did not declare how much Microsoft finally paid him for

Domain security experts call dangerous because whoever has it would have access to an "unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe".

Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called 'Active Directory'.

A core part of the way these things find each other involves a Windows feature called "DNS name devolution".

In early versions of Windows that supported 'Active Directory, the default or example Active Directory path was given as "corp," and many companies apparently adopted this setting without modifying it to include a domain they controlled.

"In practical terms, this means that whoever controls can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this "corp" designation for its Active Directory domain,' the Krebs report elaborated.
Over the years, Microsoft has released several software patches to help tackle "namespace collisions".

No comments:

Post a Comment