funsec mailing list archives
Re: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 26 Nov 2007 11:39:58 +0100
| In the most sensational presentation of the conference, security
| researcher Beau Butler showed us how Microsoft's completely half-arsed
| fix of a known issue - problems with Windows Proxy Autodiscovery - could
| be used by the more evil among us to seize control of vast numbers of
| workstations. Due to a bug in Microsoft's WPAD functionality, proxy
| auto-configuration requests frequently wind up popping out on to the
| Internet.
|
| That means bad, bad people can load up your workstations with false
| proxy information. That's right, Butler had figured out a way to run a
| man-in-the-middle attack on hundreds of thousands, if not millions, of
| workstations in his home country. You'll be hearing more on this, but in
| the mean time it would make sense to configure a wpad server in your
| organisation to stop Microsoft's silly software from seeking proxy
| configuration files from evil hackers outside your organisation.

<http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=6100986>

I'd guess the bug is not locale-specific, but depends on the fact that
the code considers domain1.co.nz to be equivalent to domain2.co.nz.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
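The guess in the message above, worked through as an added example (not code from the post or from Microsoft): a sketch of WPAD DNS devolution that lists the `wpad.*` names a client would try and flags the ones that fall outside the organisation's own domain. It assumes the client strips leading labels until two remain; the host names and the functions `wpad_candidates` and `outside_org` are constructed for illustration.

```python
def wpad_candidates(client_fqdn, min_labels=2):
    """Return the wpad.* names a devolving client would try, most specific first.

    Assumption: devolution stops once the parent domain is down to
    `min_labels` labels. That rule is adequate under .com but too permissive
    under two-level suffixes such as co.nz.
    """
    labels = client_fqdn.lower().rstrip(".").split(".")
    names = []
    # Drop the host label first, then keep stripping the leading label.
    for i in range(1, len(labels) - min_labels + 1):
        names.append("wpad." + ".".join(labels[i:]))
    return names


def outside_org(candidates, org_domain):
    """Return the candidates that are not inside the organisation's domain.

    These are the lookups that reach a zone someone else controls; a
    defender would block or answer them on the internal resolver.
    """
    org = org_domain.lower().rstrip(".")
    return [name for name in candidates if not name.endswith("." + org)]


def audit(hosts_to_org):
    """Map each host to the wpad names that escape its organisation."""
    report = {}
    for host, org in hosts_to_org.items():
        report[host] = outside_org(wpad_candidates(host), org)
    return report


if __name__ == "__main__":
    # Constructed sample hosts, not taken from the post.
    fleet = {
        "pc7.sales.domain1.co.nz": "domain1.co.nz",
        "pc3.hq.example.com": "example.com",
    }
    for host, leaks in audit(fleet).items():
        print(host, "->", leaks or "no lookups leave the organisation")
```

Under this stopping rule a host in domain1.co.nz and a host in domain2.co.nz both end up asking for `wpad.co.nz`, which is the equivalence the message describes. Answering `wpad.<your-domain>` internally, as the quoted article recommends, stops devolution before it reaches that name.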
Current thread:
- 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey Paul Ferguson (Nov 25)
- RE: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey William Lefkovics (Nov 25)
- Re: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey Florian Weimer (Nov 26)
- Re: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey Nick FitzGerald (Nov 26)
- Re: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey Florian Weimer (Nov 26)
- Re: 'Shocking Flaw' Leaves Microsoft Looking Like a Turkey Nick FitzGerald (Nov 26)