Now, none of this was much of a security concern back in the day when it was impractical for employees to lug their bulky desktop computers and monitors outside of the corporate network. But what happens when an employee working at a company with an Active Directory network path called “corp” takes a company laptop to the local Starbucks?
Chances are good that at least some resources on the employee’s laptop will still try to access that internal “corp” domain. And because of the way DNS name devolution works on Windows, that company laptop online via the Starbucks wireless connection is likely to then seek those same resources at “corp.com.”
In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this “corp” designation for its Active Directory domain.
One of the things we are slowly learning is that our ten-, twenty-, and thirty-year-old bad security decisions are biting us hard. Consider, for example, how infrequently anyone but the most security-conscious people gave even a passing thought to password re-use just a few years ago. Dozens of high-profile breaches involving billions of accounts later, it’s something we’re only beginning to take seriously.
Update: Microsoft bought the domain in April 2020.