A great article on KrebsonSecurity.com was posted that talked about an early domain investor selling a valuable and potentially dangerous domain name.
According to the article Mike O’Connor a gentleman who started regging domains back in 1994 amassed quite a collection. Names such as bar.com, cafes.com, grill.com, place.com, pub.com and television.com.
From the article:
O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.
The article is a lengthy read but well worth it in my opinion. The comments are interesting as well, some believing the NSA could buy the domain name for nefarious reasons. One commenter posted the domain should be given back to ICANN and locked down.
It will be interesting to see who purchased the name from O’Connor. The article notes:
One reason O’Connor hopes Microsoft will buy it is that by virtue of the unique way Windows handles resolving domain names on a local network, virtually all of the computers trying to share sensitive data with corp.com are somewhat confused Windows PCs. More importantly, early versions of Windows actually encouraged the adoption of insecure settings that made it more likely Windows computers might try to share sensitive data with corp.com.
At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.
Read the full story on KrebsonSecurity.com
Tip of the cap to Lox
There are also Corp.co and Corp.company
Maybe I’m skeptical but nothing like using fear to sell a domain am I right.
+400 clicks on domaining.com about this post and no comment, this reassures me.
I am not alone to not understand anything about why is corp.com is dangerous.
A domain name takes you to a website, delivers email.
Companies use made up addresses to create an internal system of communication, a lot use Corp to represent their corporation, many added .com on the end, effectively sending their emails which are meant for internal delivery, to an external website.
This issue is why some of the new extensions have not been implemented (ie .corp)