In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.
I had no idea that a seemingly innocuous default chosen decades ago had this much of an impact.
(Edited for updates.)
The more correct version of the headline is:
“Microsoft Buys Corp.com So Other Bad Guys Can’t”
The technical stuff is ancillary; Microsoft now has a new way to snoop on their users’ stuff. The only way to prove me wrong on that would be to null-route (to 0.0.0.0) everything referring to corp.com.