Microsoft spends millions on Corp.com domain name control to prevent Windows users from being hijacked
According to official Microsoft news, the company has acquired the Corp.com domain name for security reasons. The acquisition of this domain name helps protect Windows users from hijacking.
The company did not disclose how much it took to acquire the domain name, but according to the original holder of the domain name, the transaction price was 1.7 million US dollars.
As for why Microsoft is spending huge sums of money to acquire this seemingly ordinary domain name, the reason behind it is actually quite complicated. In short, it is Microsoft’s own mistake.
This domain name is so important because Microsoft in previous versions of Windows suggested that companies use Corp as their Active Directory name when configuring the network.
This default configuration was actually not a big problem before, but then the domain name system and DNS began to be more tightly integrated with the Windows domain.
That is, the domain that the system is trying to connect to is not the Corp domain but the domain name Corp.com, which may cause some private information of users to be inadvertently leaked.
For example, sometimes it may be connected to this domain name when performing network sharing or using resources such as printers, and the network request sent also contains the user account password.
If the domain name is held by a malicious attacker, the user’s password can be obtained through the hash decryption tool, and there is a security risk for the user.
Of course, it ’s not right to dump all of this problem to Microsoft, because users themselves need to modify the domain according to the guide, that is, the domain actually used by their own enterprises.
“To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names,” Microsoft said in a statement. “We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”