For those not familiar with the corp.com situation:
Corp.com was (is?) the default example domain in many applications from Microsoft. As a result many badly configured networks are attempting to connect to this domain, often sharing credentials in the process.
He who owns corp.com will have access to tens of thousands of corporate networks. So the only move that MS had was to buy the domain, regardless of the price.
I guess Mr. O’Connor (who sold the domain) made a nice retirement today.
My D-Link router had domain.name as the default DHCP domain name, which caused some of my devices connected to it to resolve <whatever.tld>.domain.name when <whatever.tld> fails to resolve, and someone has set up ad pages on many .domain.name pages to take advantage of the flaw. I've recently blogged about it (https://harigovind.org/articles/who-is-hijacking-my-nxdomain...). We need to always be careful when configuring things like this, especially since we now have hundreds of TLDs like .email, .work etc.
I unironically salute Microsoft for cleaning up the mess they created. Many large actors don't. There was one right thing to do at this point and they did it.
Seems like it’d be a consulting opportunity. Watch the traffic, identify companies that need help reconfiguring their domain, and contact them.
Although I suppose to the recipient of such an email it might sound like an extortion racket.
This is a reminder to all of us to use example.com for these types of defaults, examples, illustrations.
And also to scan code bases & configs on a regular basis for the inevitable "dummy yet resolvable" addresses that sneak back in out of bad habit.
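A sketch of the scan suggested in the comment above, added here as an example and not part of the original thread. It flags placeholder-looking hostnames that fall outside the names reserved by RFC 2606 / RFC 6761; the label list and the sample config are constructed assumptions, and the check is purely textual (no DNS lookups).

```python
import re

# Names reserved by RFC 2606 / RFC 6761: safe for docs and defaults.
RESERVED_SUFFIXES = ("example.com", "example.net", "example.org",
                     "test", "example", "invalid", "localhost")
# Labels that suggest a made-up placeholder (constructed list; tune per codebase).
PLACEHOLDER_LABELS = {"corp", "test", "testcompany", "domain", "dummy",
                      "foo", "sample", "mycompany", "company"}

HOSTNAME_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})\b", re.I)

def is_reserved(host):
    """True if host is, or sits under, a reserved documentation/test name."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in RESERVED_SUFFIXES)

def find_placeholder_domains(text):
    """Return (line_number, hostname) for placeholder-looking names that are
    not reserved, i.e. names an outside party could register and control."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HOSTNAME_RE.finditer(line):
            host = match.group(1).lower()
            if is_reserved(host):
                continue
            if PLACEHOLDER_LABELS & set(host.split(".")):
                findings.append((lineno, host))
    return findings

# Constructed sample config, not taken from any real product.
SAMPLE = """\
ad_domain = corp.com
smtp_relay = mail.testcompany.com
dhcp_domain = domain.name
docs_url = https://www.example.com/setup
ldap_host = dc1.corp.example
healthcheck = api.internal.test
"""

if __name__ == "__main__":
    for lineno, host in find_placeholder_domains(SAMPLE):
        print(f"line {lineno}: {host} is not a reserved name; "
              "whoever controls it receives this traffic")
```

Run over a repository in CI, findings such as `corp.com` or `domain.name` can be swapped for `example.com` or a `.test` name before they ship as defaults.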
https://news.ycombinator.com/item?id=22277185 "Dangerous domain corp.com goes up for sale" - Feb 9, 2020.
To be fair, if I was Microsoft I’d probably just do a Windows update that adds 127.0.0.1 corp.com to wherever they keep the hosts file on Windows :-)
The problem is DNS, as one would guess:
>the default or example Active Directory path was given as “corp,” and many companies apparently adopted this setting without modifying it to include a domain they controlled.
Whew boy. What's the right answer here? Out-of-the-box AD and DNS coming with default settings that must be changed prior to use?
I've always wondered how large SaaS companies (e.g. Salesforce, Workday, etc.) ensure they don't let their domain mistakenly expire.
It'd be devastating to their business if someone were to purchase the expired domain of say, salesforce.com (e.g. customers wouldn't be able to log into their paid for SaaS service, potentially corp email would be down, etc).
This reminded me of `WPAD` namespace for DNS and DHCP:
I remember logging all requests to wpad.ir, there were many from Brazil for some reason.
Years ago, one of my coworkers bought testcompany.com and got an amazing amount of internal emails from organizations.
Wasn't this one of the reasons why some organizations lobbied against the extension of TLD names? For example, in Germany we have lots of Fritz!box routers that are managed via 'fritz.box' which is now also a valid URL.
Somewhat related: A lot of random networking hardware seems to use "188.8.131.52"
I have even had Wi-Fi networks ask me to go to 184.108.40.206 to load their payment page so I can pay for the internet service.
But why did Microsoft use a domain in its products which they do not own?
I wonder if this is by any chance the same Michael O'Connor who wrote the Mac application CompuServe Navigator back in the '90s?
This could be a case for "eminent domain"ing the domain from this user. If domains are property, "eminent domain" must apply to them too.
Microsoft is the "bad guy".
We discussed this on the OpenSourceSecurity Podcast back in Feb 2020 https://www.opensourcesecuritypodcast.com/2020/02/episode-18... TL;DR: this is the least painful outcome of these DNS shenanigans.
And the good guys are?
Did MS buy the domain from the guy for $1.7 million?
That's an Onion title right there.
In other words - Bad guys buy corp.com so other bad guys can't.
This is why I use foo TLDs in the documentation. To make sure it won't work in a copy-paste situation.