Microsoft shells out $1.7 million for the dangerous Corp.com

Posted on Wednesday, April 08 2020 @ 14:07 CEST by Thomas De Maesschalck
KrebsOnSecurity tells the tale of how Microsoft bought the corp.com domain name. This domain name had been in the hands of domain name investor Mike O’Connor (70) since 1994. He was one of the first domain name investors, with valuable purchases including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. The exact details of the deal aren't public, but O'Connor's asking price was $1.7 million.

But corp.com was definitely his most sensitive holding. Earlier this year, O'Connor decided to sell the domain to simplify his estate. He hoped Microsoft would buy it, because a future sale to a malicious actor could do a lot of damage: hundreds of thousands of PCs are constantly trying to share sensitive data with corp.com.

This is because in old versions of Windows, "corp" was the default or example Active Directory path. Many companies adopted this insecure setting, which causes issues when employees take a laptop outside of the corporate network. The gist is that, due to historical errors made by Microsoft and network admins, the corp.com domain is passively intercepting sensitive data from hundreds of thousands of computers:

Now, none of this was much of a security concern back in the day when it was impractical for employees to lug their bulky desktop computers and monitors outside of the corporate network. But what happens when an employee working at a company with an Active Directory network path called “corp” takes a company laptop to the local Starbucks?

Chances are good that at least some resources on the employee’s laptop will still try to access that internal “corp” domain. And because of the way DNS name devolution works on Windows, that company laptop online via the Starbucks wireless connection is likely to then seek those same resources at “corp.com.”

In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this “corp” designation for its Active Directory domain.
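
For defenders, one way to find machines that send lookups into the corp.com namespace is to scan DNS resolver logs for them. The sketch below is an added example, not code from KrebsOnSecurity or Microsoft; the log format, sample lines and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample lines in an assumed "time client qtype qname" format.
SAMPLE_LOG = """\
2020-04-08T09:01:02Z 10.0.4.17 A fileserver.corp.com.
2020-04-08T09:01:03Z 10.0.4.17 A dc01.CORP.com
2020-04-08T09:01:05Z 10.0.4.22 A www.notcorp.com
2020-04-08T09:01:07Z 10.0.4.22 A corp.com.example.org
2020-04-08T09:01:09Z 10.0.4.31 A corp.com
malformed line
"""


def in_namespace(qname, domain="corp.com"):
    """True if qname is the domain itself or a name beneath it.

    Matching is done on label boundaries, so "notcorp.com" and
    "corp.com.example.org" are not mistaken for the colliding namespace.
    """
    name = qname.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def leaking_clients(log_text, domain="corp.com"):
    """Map each client address to the sorted names it queried under `domain`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, _, qname = fields
        if in_namespace(qname, domain):
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in leaking_clients(SAMPLE_LOG).items():
        print(client, ", ".join(names))
```

Clients that show up in the result are the ones whose name lookups would reach whoever controls corp.com once the machine leaves the corporate network.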

