To save its corporate clients potential security-related headaches down the road, Microsoft has purchased the domain corp.com. First reported by security researcher Brian Krebs, the company confirmed the purchase on Tuesday but didn’t say how much it had paid to acquire the domain. It had a $1.7 million starting price when it was first listed in February by a man named Mike O’Connor who had owned it for about 26 years.
Corp.com was a potential security threat waiting to happen thanks to something known as namespace collision, a situation in which there’s an overlap between an internal domain name and an address out on the internet. In earlier versions of Windows, the default domain name suggestion for admins setting up the company’s Active Directory service was “corp.” The issue here was two-fold. First, Microsoft tied the default suggestion to a real address (the current best practice is to direct people to example.com or example.org). Second, a lot of admins just went with the default suggestion instead of changing the setting.
Comments