A serious security flaw affecting every version of Microsoft (NSDQ:MSFT) Windows operating systems, including Vista, could enable cyber criminals to take control of an untold number of machines around the globe and manipulate personal information. The bug, which was first reported by the Sydney Morning Herald, was demonstrated last week at the Kiwicon hacker conference in New Zealand by researcher Beau Butler.
The vulnerability could ultimately compromise millions of home or office machines, particularly those located outside the U.S., subjecting them to attack by cyber criminals who could then acquire passwords, monitor Internet use, or steal personal, financial or identifying information. "The real risk here is, someone else may automatically configure your proxy for you and redirect traffic through their malicious server," said Oliver Friedrichs, Symantec security response director. "A lot of that traffic is encrypted, but the attacker could intercept it and cause it to be unencrypted."
View: The full story @ CRN
And just to have mentioned it: .com isn't specifically a U.S. domain since everybody registers a .com TLD nowadays.
Still not sure about Firefox, but I would think it's likely vulnerable as well. Just a guess though.
Firefox doesn't use the same web proxy settings I don't think, but many other things in Windows do.
Someone has to reconfigure your computer to do this, plus it's from Symantec.
It would require that the proxy server be compromised. On a LAN that's not likely, and it would be pretty difficult to intercept that at your ISP's level too.
Any browser that installs with this auto proxy detect feature turned on is vulnerable. It's akin to DHCP discovery: your web browser queries another server for proxy setup information, and then blindly accepts it. The tricky part is the details where someone causes computers on your local network to load false information that can send all your traffic through a man-in-the-middle proxy of their choice that can then analyze your traffic and pick out the juicy bits.
If someone can poison your local DNS with false information (WPAD resolution), they can make your web traffic proxy through an external server.
Effective firewalling and proper internal DNS setup can prevent this from being a problem.
How to configure Microsoft DNS and WINS to reserve WPAD registration - kb934864
Last edited by gollux on 30 Nov 2007 - 04:48
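As an added example (not part of the thread and not any vendor's tool), the audit below checks what each WPAD name a client might query actually resolves to, and flags answers that are not an approved proxy or that point outside the internal ranges. The parent-domain retry in `wpad_candidates`, the function names, the sample zone data and the addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

def wpad_candidates(dns_suffix, min_labels=2):
    """wpad.<suffix>, then one label up per retry. The parent-domain retry
    and the min_labels stop are assumptions about client behaviour."""
    labels = dns_suffix.strip(".").lower().split(".")
    return ["wpad." + ".".join(labels[i:])
            for i in range(len(labels) - min_labels + 1)]

def system_resolver(name):
    """Ask the OS resolver; return a sorted address list, [] when no answer."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80)})
    except socket.gaierror:
        return []

def audit_wpad(dns_suffix, approved_proxies, internal_nets, resolve=system_resolver):
    """Classify each candidate name by where its answer points."""
    approved = {ipaddress.ip_address(a) for a in approved_proxies}
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for name in wpad_candidates(dns_suffix):
        addrs = [ipaddress.ip_address(a) for a in resolve(name)]
        rogue = [a for a in addrs if a not in approved]
        external = [str(a) for a in rogue if not any(a in n for n in nets)]
        if not addrs:
            status = "absent"            # no WPAD record at this name
        elif not rogue:
            status = "approved"          # only allowlisted proxy hosts answer
        elif external:
            status = "ALERT-external"    # answer leaves the internal ranges
        else:
            status = "ALERT-unapproved"  # internal host not on the allowlist
        findings.append({"name": name, "status": status, "external": external})
    return findings

# Constructed sample zone data, so the demo runs offline.
SAMPLE_DNS = {"wpad.example.co.nz": ["10.0.0.5"], "wpad.co.nz": ["203.0.113.10"]}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for f in audit_wpad("corp.example.co.nz", ["10.0.0.5"], ["10.0.0.0/8"],
                        resolve=sample_resolver):
        print(f"{f['name']:28} {f['status']:17} {f['external']}")
```

Run it without the `resolve` argument on a workstation to audit the live resolver; any `ALERT` row means the name should be reserved or answered by internal DNS.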
Yep, and Microsoft has been the King of proving that a lot of ifs can make a whopping hole. Many's the time we've been told that something was a mere denial of service problem, only to find out within the month that it was a fully remote exploitable buffer overflow. Heh!
lolz, get off the internet people !
Who gives a ****. It's a 1 in a billion chance.