<<< Date Index >>>     <<< Thread Index >>>

(whitepaper) Microsoft WPAD Technology Weaknesses [PTResearch Team]



WPAD (Web Proxy Auto Discovery) is a method used by web clients to automatically
locate a browser configuration file used to connect through proxy.

Successful attack on WPAD guarantees attackers full access
on user data sent to Internet which could allow stealing critical data like 
passwords or
credit card numbers. WPAD potential danger depends on two factors: default
configuration and weak awareness among users.

In this article we discuss WPAD architecture and its many functioning 
principles in home
and corporate networks, real examples of attacks and give recommendations for 
ordinary
users and system administrators that allow reducing attack consequences.

Whitepaper:

http://www.securitylab.ru/_download/articles/wpad_weakness_en.pdf

Simple Freeware Network Checker to detect potentially dangerous entries in DNS 
and WINS name servers:

http://www.securitylab.ru/news/extra/380522.php
Direct url:
http://www.ptsecurity.ru/download/wpadcheck_en.zip


Notes:
* The utility does not recognize DNS and WINS services so do not scan hosts 
without this services ? it is useless;
* .NET Framework. Is required for the utility.

---
I hope this is helpful.

Sergey

---------------------------
About Positive Technologies

Positive Technologies www.ptsecurity.com is among the key players in the IT 
security market in Russia.
The principal activities of the company include the development of integrated 
tools for information security monitoring (MaxPatrol); providing IT security 
consulting services and technical support; the development of the Securitylab 
en.securitylab.ru leading Russian information security portal.

PTResearch Lab:
http://en.securitylab.ru/lab/