Phishing scams, spams, defrauding banking systems, corporate espionage are some of the most common hacking terminologies that we come across quite often in the e-hub. Although hacking has evolved over time and miscreants are now trying innovative-ill methods to attack users, leading tech companies have heightened security measures to safeguard their clients. Microsoft taking a step in this aspect to protect its corporate clients from security breaches has purchased the domain corp.com.
The details about the purchase were first reported by security researcher Brian Krebs. The company has confirmed the purchase, however, it hasn’t disclosed the purchase amount. Apparently, the domain went up for auction at a starting price of $1.7 million when it was listed in February by its owner Mike O’Connor who bought corp.com 26 years ago.
To reason behind the purchase is no doubt to protect customer security. Security experts cited corp.com to be problematic as whoever would get access to the domain would have access to passwords, email, and other sensitive data from several thousand Windows systems.
KrebsOnSecurity explained that in earlier versions of Windows that supported Active Directory had set “corp” as the default domain. Microsoft was said to have tied the default suggestion to a real address back then and moreover, many companies apparently started using the default suggestion instead of changing it to a domain ‘they actually owned.’ This certainly directs to a potential threat given whoever would have had access to corp.com they could have harvest sensitive data coming in from these companies and use it for illicit purposes.
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names. We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain,” Microsoft stated.
Although the move by the company won’t entirely solve the issue (as Krebs noted that companies who have set their internal Active Directory networks to domains they don’t control or own are putting themselves at potential security risks) at least it will lift up Microsoft clients security nightmare to some extent.