The Corp.com domain is for sale, and depending on who ends up owning it, this could be catastrophic for companies that use Windows domains and Active Directory. It basically is Microsoft’s fault (of course), except it is not. The problem is that many admins who were setting up Active Directory domains for their company followed the directions a little too exactly. In Microsoft’s instructions they used a generic domain name to represent the concept of “any domain” or “your domain.” They used the example of “corp.com.” And many admins set their domain up using the corp.com example, instead of their own domain name.
The problem is that there is a very real and legitimate corp.com that was registered in the very earliest days of the Internet. There were men of vision who foresaw the eventual dominion of the Internet, and the huge values that some generic domain names would someday have. These guys registered these domains with the idea of eventually selling the domains to another company for a huge profit. One of those men was Mike O’Connor, one of the founders of early Twin Cities ISP GoFast.net. GoFast was perhaps the only Twin Cities ISP that provided Internet connections faster than 56K dial-up lines, by using ISDN lines, which could get you a connection from 128K to 1.5 MB. Back in 1995, that was a high speed connection.
I worked for Bell telecommunications company US West at that time, and knew O’Connor by reputation. He supposedly made $1 million selling television.com, although that is not the true story. But he had registered a number of promising domain names in 1994 and 1995. On his website, Mike says:
“In those days, I was entranced by how much domain-names resembled the call-letters I used to get for radio stations — very cool way to “name” things. So, long before the domain-name land-rush, I got a handful of generic domain names. The list includes bar.com, corp.com, grill.com, pub.com, shelter.com, cafes.com, and a few that got sold — place.com, haven.com, ing.com and company.com.”
One of the other domains he had registered was corp.com. O’Connor, who is in retirement, just wants to sell it.
The problem is that companies that use the corp.com internal networking namespace can see confidential information including corporate emails, user names and passwords leak out of poorly configured networks and into the hands of whoever ends up owning corp.com. Brian Krebs article referenced below covers most of the technical details. If you are administering a corp.com Windows domain, you might want to give it a read, and then plan for replacing that domain.
This is a serious issue that could become the next big breach. O’Connor has been cooperating with security researchers at the Department of Homeland Security. One solution would be for Microsoft to buy the domain, since it only affects Windows networks. If this situation applies to you or your business, please read the articles linked below.
- Mike O’Connor’s website
- Brian Krebs on Security – Dangerous Domain Corp.com Goes Up for Sale
- Naked Security – Corp.com is up for sale
- Biz Journal story about television.com
- Article about GoFast.net