Microsoft closes the Windows for online mosquito with corp.com
Understand basic chronology:
Understand basic chronology:
To safeguard customers and systems from possible intrusion
and hacking attempts, Microsoft recently picked up the domain name corp.com
The Brian Krebs security researcher publicized the
information about the latest acquisition from Redmond based company. However,
Microsoft kept the amount confidential. Along with all the security essentials
and measures brought to the table by this deal, the entire acquisition scenario is
also a bit interesting event altogether.If you are in domaining or domain trading business
and knows how much lucrative this market is, then you will find this
information quite intriguing.
Last February, the
domain name in question was available for auction at a whopping starting price
of $1.7 million by an individual who had owned it for 26 years! Wouldn’t it be
simpler to define him as a visionary person of the decade!
Based in Wisconsin, the individual anticipated Microsoft
would buy it because “hundreds of
thousands of Windows PCs are continuously trying to share sensitive information
and data with corp.com”, he said.
What is the catch?
![]() |
How would Microsoft keep hackers away with Corp.com Image: https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/ |
The problem was linked to the namespace collision and that
collision was threatening the security loophole for a long-time.
According to ICANN (Internet Corporation for Assigned Names
and Numbers), the name collision phenomenon take place “when an attempt to
resolve a name used in a private namespace results in the resolution of a
request sent to the public domain name system i.e. DNS”.This kind of situation
erases the administrative boundaries between the private and public namespaces,
as they overlap with each other and name resolution can create the grounds for
unforeseen harmful results.
The earlier versions of Windows servers were prone to fall
in this trap, as the default name suggestion for administrators while setting
up Microsoft’s Active Directory (i.e. AD) directory service was “corp”. The problem is twofold here. On
the one hand, Microsoft has linked the default suggestion to an actual address
and on the other hand many companies have adopted this setting as it is without
changing it to secure one.
Adequate to hone the appetite of intruders or hackers
“Certainly, this whole situation means
an opportunity to anyone who controls corp.comas
it gives him an ability to passively divert or catch the private communication
of hundreds of thousands of personal computers which end up being removed from
a corporate environment that uses this designation corpfor their Active
Directory Domain”, said the security researcher on his blog
KrebsOnSecurity.
Secure names and internal networks
... Microsoft has acquired the domain name corp.com to enhance the user security and closed the long awaited loophole.
“To help protect
systems, we encourage customers to adopt secure security practices when
planning domain names and internal networks. We released a security advisory in
June 2009 and a security update that helps to protect users from possible
intrusion. As part of our ongoing commitment to customer safety, we have also
acquired the corp.com domain name”, Microsoft said in a statement.
This initiative towards the security measurement can
safeguard the companies that have constructed their IT infrastructures using the Active
Directory Service on
“corp or corp.com”. Regardless of everything, Brian Krebs still warns that: “Any company that has linked its internal Active Directory Network to a domain that it does not control is still exposed to a possible security nightmare”.
To Learn more, Google, under heads: domain names, system security, data security, cyber security,
Microsoft Security, Windows Security
Bibliography: