Dangerous domain Corp.com is on sale for R$ 7.1 million; understand the problem

When we think of the most dangerous places on the internet, the first thing that comes to most people's minds is probably the "dark web" or "deep web". It turns out that a simple domain hosting no sensitive content belongs on that list, and it is for sale.

“Corp.com” is one of many domains that were purchased by entrepreneur Mike O'Connor in the mid-1990s. At that time, O'Connor had co-founded his own internet provider (Go-fast.net) and he was registering basic domain names left and right, including bar.com, pub.com and place.com, which have become quite valuable over the years, he said.


According to the cybersecurity blog Krebs On Security, one of the domains O'Connor refused to sell was Corp.com, at least until now. Whoever owns the domain, Krebs explains, would be able to access a "never-ending" flow of sensitive information, including e-mail addresses, passwords and other data from large corporations around the world.

These “advantages” explain the initial asking price O'Connor set for the address: R$ 7.1 million.

How can Corp.com intercept sensitive data?

Put simply, the interception works like this: when a number of Windows computers are connected to the same internal corporate network, one way they validate other devices on that network is through a proprietary Windows service called Active Directory. In the first versions of Windows that supported Active Directory, the default path for these validation services was called “corp”.

Krebs explains it like this:

At issue is a problem known as namespace collision, a situation in which domain names intended to be used exclusively on an internal company network end up overlapping with domains that can normally be accessed on the open internet.

The “corp” domain was, in fact, the default configuration on older versions of Windows. And, apparently, in the early days of computerization, few companies bothered to change this setting so that it pointed to a domain they controlled.

As Krebs points out, this means that when an employee tries to use the internal "corp" domain from an open network, such as the Wi-Fi at a Starbucks, their computer will try to pull the data it needs from “corp.com” rather than from their own company's internal systems.

Whoever owns this domain can intercept private information from countless computers around the world, as Krebs warns, which is why O'Connor stressed that he expects Microsoft to buy it, since the problem overwhelmingly affects Windows products.
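As an added illustration (not part of the original article or of Krebs's post), the Python model below rates internal zone names against the domains an organisation has actually registered and shows who answers the same lookup on and off the corporate network. The domain example.com and the host names are constructed placeholders, and the model deliberately simplifies real Windows name resolution.

```python
# Added example: simplified model of the namespace collision described above.
# All names are constructed; example.com stands in for a domain the
# organisation has actually registered.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_under(name, zone):
    """True if name equals zone or is a subdomain of it."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def classify_internal_zone(zone, owned_domains):
    """Rate an internal Active Directory / DNS zone name for collision risk."""
    zone = normalize(zone)
    if not zone:
        raise ValueError("empty zone name")
    if any(is_under(zone, d) for d in owned_domains):
        return "ok"            # inside a namespace the organisation controls
    if "." not in zone:
        return "single-label"  # e.g. "corp": only meaningful on the internal network
    return "collision"         # e.g. "corp.com": a public name someone else can own

def who_answers(query, on_corporate_network, internal_zone, owned_domains):
    """Say which party's DNS answers a lookup for `query`."""
    if on_corporate_network and is_under(query, internal_zone):
        return "internal DNS"
    if any(is_under(query, d) for d in owned_domains):
        return "public DNS, organisation's own zone"
    return "public DNS, outside the organisation's control"

def audit(zones, owned_domains):
    """Return {zone: verdict} for every configured internal zone name."""
    return {normalize(z): classify_internal_zone(z, owned_domains) for z in zones}

if __name__ == "__main__":
    owned = {"example.com"}
    zones = ["corp", "CORP.COM.", "corp.example.com"]
    for zone, verdict in audit(zones, owned).items():
        print(f"{zone:20} {verdict}")
    # The same lookup from the office and from public Wi-Fi:
    for on_net in (True, False):
        where = "office" if on_net else "public Wi-Fi"
        print(where, "->", who_answers("mail.corp.com", on_net, "corp.com", owned))
```

An internal zone rated "ok" sits under a domain the organisation has registered, so a lookup made off the corporate network still lands in a zone it controls.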


Felipe Santos
Felipe Santos is a Cloud and Security Architect, with experience in Windows Server, Cluster, Storages, Backups Veeam and Office 365 environments.


