This article is from the public account InfoQ (ID: infoqchina), author: Wan Jia. Header image from “The Matrix”.

corp.com, the most dangerous domain name in history, could be called the “devil” of the domain name world.

The most dangerous domain name in history, corp.com, was publicly offered for sale for the first time this year, at $1.7 million. Fortunately, the domain name was ultimately bought by Microsoft and did not fall into the hands of cybercriminals; otherwise the consequences would have been unimaginable.

According to KrebsOnSecurity, Microsoft announced that it had agreed to purchase the highly dangerous domain name corp.com in order to prevent it from being abused by cybercriminals.

Domain experts call corp.com extremely dangerous: years of technical testing have earned it the nickname “the devil”. Whoever owns corp.com can collect passwords, emails, and other sensitive data on a massive scale from hundreds of thousands of Windows PCs belonging to major companies around the world. In other words, whoever holds the corp.com domain name can obtain confidential information and sensitive data from inside those companies at any time, which means the companies’ internal information security effectively no longer exists.

This Monday, corp.com owner Mike O’Connor said that Microsoft has agreed to purchase the “devil” domain name corp.com. However, he stated that he could not disclose the terms of the transaction in detail and should not comment much further on the matter.

Microsoft said in a written statement that the domain name was acquired to better protect the security and privacy of its users. “We have always encouraged customers to keep security in mind when planning internal domain and network names,” the statement reads. “We released a security bulletin and a corresponding security update in June 2009. To continue providing security for our customers, we have also acquired the corp.com domain name.”

Owner of corp.com: US version of Cai Wensheng

In China, any discussion of the domain name business has to mention Cai Wensheng. In 2000, Cai Wensheng entered the Internet field and invested in domain names with great success. For example, he sold the domain name 360.com for 100 million, a deal that made the list of the ten most expensive domain name transactions in history.

Like Cai Wensheng, Mike O’Connor has also been very successful in the domain name business. O’Connor has been the owner of the corp.com domain name from the start. As an early domain name investor, he picked up several rare, treasure-grade domain names at a low price in 1994, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com.

In recent years, selling domain names has left O’Connor with no financial worries. Although he has sold domain names from time to time, he always held on tightly to corp.com and never offered it for sale, because he knew that this domain name was too important to part with lightly.

According to some sources, O’Connor revealed that Microsoft had proposed to buy corp.com for $20,000 a few years ago, but he refused. O’Connor felt that $20,000 was far too low and did not reflect the domain name’s market value.

Now, at nearly 70 years old, O’Connor would rather lock in his gains, and he began to consider selling corp.com at an asking price of $1.7 million. For a domain name of this caliber, that price is quite reasonable. However, even if someone wanted to buy it, they might well be unable to hold onto it safely. Cybercrime groups and state-sponsored hacking organizations, on the other hand, would very much like to get corp.com; for cybercriminals it would be the equivalent of a “magic ring”.

O’Connor has always wanted Microsoft to buy the corp.com domain name, because hundreds of thousands of unidentified Windows PCs have been trying to share sensitive data with corp.com. At the same time, early versions of Windows encouraged users to adopt unsafe settings, making Windows computers even more likely to try to share sensitive data with corp.com.

The devil’s domain name: corp.com

This problem is called a namespace collision. When it occurs, a domain name that was originally intended for use only on the company’s intranet ends up overlapping with a domain name that resolves normally on the public Internet, so data from inside the company flows out to the external network.

Windows systems have always handled domain name resolution on the local network in a special way. Windows computers on a company’s intranet use Active Directory to authenticate other resources on the network. Active Directory is a core component of the Windows platform that stores information about network objects. Objects locate each other with the help of a Windows feature called DNS name devolution. This network shorthand makes it easy to find other computers or servers without having to specify a complete, fully qualified domain name for each resource.

For example, suppose a company runs an internal network named internalnetwork.example.com, and an employee on this network wants to access a shared drive named “drive1”. They do not have to type “drive1.internalnetwork.example.com” into the file manager; typing just “\\drive1\” is enough, and Windows takes care of the rest.

However, if the internal Windows domain cannot be mapped back to a second-level domain name that the enterprise actually owns and controls, things get worse. In early versions of Windows that support Active Directory, such as Windows Server 2000, the default or example Active Directory path was given as “corp”. Many companies used this setting as-is and never changed it to their company’s own second-level domain name. These companies later built or integrated huge enterprise networks on top of this mistaken setup, which made the problem more serious and compounded the error.

Twenty or thirty years ago, employees could hardly wander around with their bulky computers. In the era of mobile work, however, thin and light notebooks appear one after another, and this security problem is amplified accordingly. Suppose an employee of a company whose Active Directory uses the default network path “corp” takes their work laptop to a Starbucks. What happens?

Most likely, some resources on the employee’s laptop will still try to reach the “corp” domain on the company’s intranet, but because of the Windows DNS name devolution feature, the computer will connect through the Starbucks wireless network and go looking for the same resources at “corp.com”.

This means that the controller of the corp.com domain name can “passively intercept” private communications from hundreds of thousands of computers.
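The following is an added example (not code from the article or from Microsoft) that models the name devolution described above and gives a defender a check for Active Directory names that fall outside the zones the organisation owns. The two-label devolution floor, the zone list and the host names are constructed assumptions for the demo.

```python
"""Model of Windows DNS name devolution for a single-label name, plus a
defender's check for candidates or AD domains outside owned DNS zones.
Added example; floor_labels=2 is an assumed default, not a Windows constant."""


def devolution_candidates(short_name, primary_suffix, floor_labels=2):
    """Return the FQDNs a client would try, in order, for short_name.

    The full primary DNS suffix is appended first; the leftmost label is
    then stripped repeatedly (devolution) until only floor_labels remain.
    """
    labels = primary_suffix.lower().strip(".").split(".")
    candidates = [f"{short_name}.{'.'.join(labels)}"]
    while len(labels) > floor_labels:
        labels = labels[1:]
        candidates.append(f"{short_name}.{'.'.join(labels)}")
    return candidates


def _under_owned_zone(fqdn, owned_zones):
    """True if fqdn is exactly, or is a subdomain of, an owned zone."""
    fqdn = fqdn.lower().strip(".")
    return any(fqdn == z or fqdn.endswith("." + z) for z in owned_zones)


def leaking_candidates(candidates, owned_zones):
    """Candidates that would be looked up in zones the org does not control."""
    return [c for c in candidates if not _under_owned_zone(c, owned_zones)]


def classify_ad_domain(ad_domain, owned_zones):
    """Classify an AD domain name: 'owned', 'single-label' or 'unowned-public'.

    'single-label' (e.g. "corp") and 'unowned-public' (e.g. "corp.com" when
    the org owns only example.com) are the namespace-collision risks.
    """
    name = ad_domain.lower().strip(".")
    if _under_owned_zone(name, owned_zones):
        return "owned"
    if "." not in name:
        return "single-label"
    return "unowned-public"


if __name__ == "__main__":
    owned = {"example.com"}  # constructed: zones the company really controls
    for suffix in ("corp.internal.example.com", "corp.com", "corp"):
        cands = devolution_candidates("drive1", suffix)
        print(suffix, "->", cands, "leaks:", leaking_candidates(cands, owned))
    for ad in ("corp.example.com", "corp.com", "corp"):
        print(ad, "is", classify_ad_domain(ad, owned))
```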

Scared into a cold sweat

In a February report, KrebsOnSecurity disclosed some test results. Security expert Jeff Schmidt has conducted long-term research on DNS namespace collisions.

In an eight-month analysis of internal corporate traffic reaching corp.com in 2019, Schmidt found that more than 375,000 Windows PCs were attempting to send it information, including attempts to log in to the company intranet and to access shared documents on specific network shares.

The test results left Schmidt in “a cold sweat.”

“This is terrible. We stopped the experiment and destroyed the data after 15 minutes,” he said.

Over the years, Microsoft has released several software updates to help reduce the likelihood of namespace collisions. However, experts say that very few vulnerable companies have followed Microsoft’s recommendation to deploy these fixes. There are two main reasons: first, a company would need to shut down its entire Active Directory network for a period of time; second, according to Microsoft, the patches may break or slow down many applications that companies rely on for their daily operations.

The KrebsOnSecurity blogger pointed out that Microsoft’s purchase of the domain name corp.com provides protection for companies that built their Active Directory on “corp” or “corp.com”. In fact, any company that “binds” its internal Active Directory network to a domain name it does not control will end up in a security nightmare.

In my opinion, Microsoft’s move not only brought relief to the majority of Windows users, but also eliminated the possibility of cybercriminals or hackers using the domain name to carry out attacks.

Reference link: https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
