Microsoft buys corp.com so bad guys can’t

DyslexicAtheist | 477 points

For those not familiar with the corp.com situation:

Corp.com was (is?) the default example domain in many applications from Microsoft. As a result many badly configured networks are attempting to connect to this domain, often sharing credentials in the process.

He who owns corp.com will have access to tens of thousands of corporate networks. So the only move that MS had was to buy the domain, regardless of the price.

I guess mr O’Connor (who sold the domain) made a nice retirement today.

LeonM | 2 months ago

My D-Link router had domain.name as the default dhcp domain name, which caused some of my devices connected to it to resolve <whatever.tld>.domain.name when <whatever.tld> fails to resolve and someone have set up ad pages in many .domain.name pages to take advantage of the flaw. I've recently blogged about it(https://harigovind.org/articles/who-is-hijacking-my-nxdomain...). Need to be always careful when configuring things like this especially since we now have hundreds of tlds like .email, .work etc.

scalableUnicon | 2 months ago

I unironically salute Microsoft for cleaning up the mess they created. Many large actors don't. There was one right thing to do at this point and they did it.

Eliezer | 2 months ago

Seems like it’d be a consulting opportunity. Watch the traffic, identify companies that need help reconfiguring their domain, and contact them.

Although I suppose to the recipient of such an email it might sound like an extortion racket.

macintux | 2 months ago

This is a reminder to all of us to use example.com[1] for these types of defaults, examples, illustrations.

And also to scan code bases & configs on a regular basis for the inevitable "dummy yet resolvable" addresses that sneak back in out of bad habit.

[1]https://tools.ietf.org/html/rfc6761

athenot | 2 months ago

Previous discussion:

https://news.ycombinator.com/item?id=22277185 "Dangerous domain corp.com goes up for sale" - Feb 9, 2020.

KindOne | 2 months ago

To be fair if I was Microsoft I’d probably just do a Windows update that adds 127.0.0.1 corp.com to wherever they keep the hosts file on windows :-)

andy_ppp | 2 months ago

the problem is DNS, as one would guess:

>the default or example Active Directory path was given as “corp,” and many companies apparently adopted this setting without modifying it to include a domain they controlled.

whew boy. whats the right answer here? out of the box AD and DNS coming with default settings that must be changed prior to use?

kryogen1c | 2 months ago

I've always wonder how large SaaS companies (e.g. Salesforce, Workday, etc) ensure they don't let their domain mistakenly expire.

It'd be devastating to their business if someone were to purchase the expired domain of say, salesforce.com (e.g. customers wouldn't be able to log into their paid for SaaS service, potentially corp email would be down, etc).

alberth | 2 months ago

This reminded me of `WPAD` namespace for DNS and DHCP:

https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Proto...

I remember logging all requests to wpad.ir, there were many from Brazil for some reason.

shayanbahal | 2 months ago

Years ago, one of my coworkers bought testcompany.com and got an amazing amount of internal emails from organizations.

2sk21 | 2 months ago
[deleted]
| 2 months ago

Wasn't this one of the reasons why some organizations lobbied against the extension on tld names? For example, in Germany we have lots of Fritz!box routers that are managed via 'fritz.box' which is now also a valid URL.

patall | 2 months ago

Somewhat related: A lot of random networking hardware seems to use "1.1.1.1"

I have even had Wi-Fi networks ask me to go to 1.1.1.1 to load their payment page so I can pay for the internet service.

diebeforei485 | 2 months ago

But why did Microsoft use a domain in its products which they do not own?

thefox | 2 months ago

I wonder if this is by any chance the same Michael O'Connor who wrote the Mac application CompuServe Navigator back in the '90s?

MaysonL | 2 months ago

This could be a case for "eminent domain"ing the domain from this user. If domains are property, "eminent domain" must apply to them too.

pradn | 2 months ago

Microsoft is the "bad guy".

chatman | 2 months ago

We discussed this on the OpenSourceSecurity Podcast back in Feb 2020 https://www.opensourcesecuritypodcast.com/2020/02/episode-18... TL;DR: this is the least painful outcome of these DNS shenanigans.

kseifried | 2 months ago

And the good guys are?

xiaodai | 2 months ago

did MS buy the domain from the guy for $1.7 million?

ChrisArchitect | 2 months ago

That's an Onion title right there.

dancemethis | 2 months ago

i am good poet i have publish to many books but now i am getting start website you can check on below link

https://www.yoururdupoetry.com/2020/04/best-love-poetry-in-u...

nomanlagharipak | 2 months ago

In other words - Bad guys buy corp.com so other bad guys can't .

6d6b73 | 2 months ago

This is why I use foo TLDs in the documentation. To make sure it won't work in a copy-paste situation.

gfiorav | 2 months ago