Microsoft gobbles up corp.com domain to keep it from hackers

Microsoft may have spent nearly $2 million to protect companies from their own flawed networks

Microsoft has purchased the domain corp.com. The company confirmed the purchase on Tuesday but has yet to reveal how much it paid to acquire the domain. When its original owner, Mike O’Connor, first put it up for sale in February, he priced it at a cool $1.7 million. 

So why did Microsoft potentially pay nearly $2 million for this domain? It was a security threat waiting to happen, and gobbling it up was the only way to keep it in safe hands. 

The security issues are related to a namespace collision, which is when there's an overlap between an internal domain name and an address on the internet. The corp.com domain was a potential security threat because earlier versions of Windows presented admins with “corp” as the default domain name suggestion when setting up a company's Active Directory service. 

Had someone other than Microsoft purchased the domain, they could have leveraged it to harvest sensitive data from Windows devices with the default “corp.com” setting.

"To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names," a Microsoft spokesperson shared. "We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the corp.com domain."

Wisconsin native Mike O’Connor purchased corp.com 26 years ago and has done little with it. He was well aware of the security risks the domain presented for Windows users and hoped, in the end, Microsoft would do right by its users and purchase the domain.

Ultimately, what Microsoft's purchase of the corp.com domain fails to solve is the issue of companies tying their internal networks to domains they don't own. As long as they continue this unsafe tactic, these companies leave the door open to a potential security nightmare.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Most Popular

Microsoft CEO warns of video call fatigue
video conferencing

Microsoft CEO warns of video call fatigue

7 Oct 2020
IBM updates Cloud Pak with ‘industry-first’ security tools
Security

IBM updates Cloud Pak with ‘industry-first’ security tools

14 Oct 2020
Raspberry Pi Compute Module 4 launches with PCIe support
Hardware

Raspberry Pi Compute Module 4 launches with PCIe support

19 Oct 2020