No. 1 Story

HP job cuts loom for Australian employees

A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.

read more

Related Articles

Microsoft, admits, man, the, middle, vulnerability
Juniper offers SSL VPN security for the iPad
Juniper Networks has extended its SSL VPN security to the iPad with the release...
Read More
Social networking - the security dilemma
A recent survey by security company Sophos exposes the dilemma to business posed by...
Read More
How unique is your presence on the Internet?
You might think that thousands, nay millions of people will be on the Internet...
Read More
AppLabs and Original Software Partner to Help Clients Take the Step from Manual to Automated...
- Sponsored Editorial - AppLabs sees huge value proposition for its clients with...
Read More
Planit tests the water in New Zealand
- sponsored editorial - Australian independent software testing and training organisation, Planit,...
Read More

More From

Popular Threads

Microsoft admits man in the middle vulnerability

Stephen Withers
Wednesday, 05 December 2007 04:44

Business IT - Security

View Comments
Microsoft has confirmed the existence of a Windows vulnerability recently disclosed by New Zealand software engineer Beau Butler.
The WPAD vulnerability was fixed some time ago for domains registered in top level domains such as .com and .net, but not - it turns out - for those in national and other second level domains such as .com.au or .co.nz.

The problem is in the way Windows' web proxy auto-discovery (WPAD) feature works. Using Microsoft's example to illustrate the process, a web client in the western.corp.contoso.co.us domaim would start by querying wpad.western.corp.contoso.co.us for a WPAD server. If that failed, it would try wpad.corp.contoso.co.us, and then wpad.contoso.co.us. So far, so good. But if that still fails, the next step is to try wpad.co.us, which is outside the organisation's domain.

This means someone registering wpad in a second level domain could set up a WPAD server that configures clients to use a proxy server under their control. That proxy would then provide its operator with a means of inspecting all the traffic flowing to and from those clients - a clear security issue.

wpad has already been registered in various namespaces, including .com.au, .co.nz and .co.uk.

The purpose of WPAD is to allow a web client to detect proxy settings without user intervention.

The vulnerability affects Windows 2000, XP, 2003 and Vista, and Internet Explorer 5, 6, and 7. Software from other vendors may also be affected if they use this feature.

Most home users would not have a primary DNS suffix configured, and so are not affected by the vulnerability, according to Microsoft.

While the company works to develop a patch for the problem, it suggests other customers take various protective measures including setting up a WPAD server within the organisation, configuring Internet Explorer so it does not attempt to automatically detect settings, disabling DNS devolution, and configuring a domain suffix search list.

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases