Thursday, April 30, 2020

Microsoft Corporation Buys

    The Domain Name System (DNS) is something most of us use every day, whether we think about it or not. It is hugely convenient for converting human readable addresses into the addresses that computers actually use to communicate with each other. Sometimes this convenience can have unintended side effects though, such as hundreds of thousands of computers constantly attempting to send potentially sensitive information to an unintended location. In an attempt to help secure computers worldwide Microsoft recently purchased the domain name ‘’ for an undisclosed sum (likely north of a million dollars) from a private party. Why would they or you care about this nondescript domain name? The reason stems back to the Windows 2000 days and poorly configured Active Directory servers.

    Active Directory is a service commonly utilized in corporate networks which among other things handles authentication and shared computing resources. This is the service that allows you to map network drives and printers easily on a primarily Windows network. In order to map those services DNS is utilized so that users don’t have to remember a bunch of IP addresses. The issue is that old versions of Active Directory defaulted to ‘corp’ as the root name, causing collisions anywhere outside of the specific corporate network it was setup on. If the computer tried to look up the fileserver address for example, it would ask the Active Directory service for the address using the name ‘fileserver\corp’. On the original network the Active Directory server would know about the ‘corp configuration’ and return the correct address. But if the user was on a different network, such as at a hotel or home, they would likely get back a generic DNS response for the ‘’ domain name. The computer would then try to access this resource as normal, potentially sending authentication tokens or other details to the computer that ‘’ was pointing to.

     Microsoft started working on this problem in 2009 when it issued updates designed to mitigate the problem. They also issued updates in 2015 designed to further mitigate the issue. It turns out that a lot of computers simply never updated, as information never stopped flowing to ‘’. Microsoft has also recommended not using the default ‘corp’ setting in Active Directory for as long as they have known about the issue. Now at least with the domain in the hands of Microsoft they can monitor the incoming traffic and perhaps find out a way to stop it all together.