Microsoft agreed to buy the corp.com domain to prevent others from abusing it for their own benefit. In February, KrebsOnSecurity reported on the story of a private citizen who decided to put the property in question up for auction at an asking price of €1.7 million. The corp.com domain is considered dangerous due to the fact that years of testing have revealed that whoever controls it will have access to an endless stream of passwords, emails, and other sensitive data from hundreds of thousands of Windows PCs in businesses around the world. world. In its initial report, KrebsOnSecurity explained that namespace collision is what makes the domain so dangerous, saying: "The problem is an issue known as 'namespace collision', a situation where names Domain names intended to be used exclusively on an internal corporate network end up overlapping with domains that can be resolved normally on the open internet." 26 years ago, Mike O'Connor first bought corp.com, but has done little since because he hoped Microsoft would eventually buy it because Windows PCs are constantly trying to share sensitive data with the domain. The software giant eventually agreed to buy the domain from O'Connor, but it is not allowed to discuss the terms of the deal, including the amount he received from the sale. In a written statement, Microsoft confirmed that it acquired corp.com for the purpose of protecting customers, stating: "To help protect systems, we encourage customers to adopt healthy security habits when planning internal network and domain names. ". We released a security advisory in June 2009 and a security update that helps keep customers safe. In our continued commitment to customer security, we have also acquired the Corp.com domain. "The company has released several software updates over the years to reduce the likelihood of namespace collisions that could end up creating security issues for businesses that still rely on Active Directory domains that don't map not to a domain they control, however, vulnerable organizations did not implement these solutions because they would require them to simultaneously remove their entire network from Active Directory for a period of time, and could also disrupt or slow down the applications these organizations rely on for their operations .daily Fortunately, now that Microsoft has bought the domain, companies that have built the Active Directory infrastructure other than "corp" or "corp.com" will be protected.Via KrebsOnSecurity