(whitepaper) Microsoft WPAD Technology Weaknesses [PTResearch Team]
WPAD (Web Proxy Auto Discovery) is a method used by web clients to automatically
locate a browser configuration file used to connect through proxy.
Successful attack on WPAD guarantees attackers full access
on user data sent to Internet which could allow stealing critical data like
passwords or
credit card numbers. WPAD potential danger depends on two factors: default
configuration and weak awareness among users.
In this article we discuss WPAD architecture and its many functioning
principles in home
and corporate networks, real examples of attacks and give recommendations for
ordinary
users and system administrators that allow reducing attack consequences.
Whitepaper:
http://www.securitylab.ru/_download/articles/wpad_weakness_en.pdf
Simple Freeware Network Checker to detect potentially dangerous entries in DNS
and WINS name servers:
http://www.securitylab.ru/news/extra/380522.php
Direct url:
http://www.ptsecurity.ru/download/wpadcheck_en.zip
Notes:
* The utility does not recognize DNS and WINS services so do not scan hosts
without this services ? it is useless;
* .NET Framework. Is required for the utility.
---
I hope this is helpful.
Sergey
---------------------------
About Positive Technologies
Positive Technologies www.ptsecurity.com is among the key players in the IT
security market in Russia.
The principal activities of the company include the development of integrated
tools for information security monitoring (MaxPatrol); providing IT security
consulting services and technical support; the development of the Securitylab
en.securitylab.ru leading Russian information security portal.
PTResearch Lab:
http://en.securitylab.ru/lab/