Security Software Zone Security Software Zone
Home Contact Us
Search in
Forum SecurityToolbox Submit Software
Security Software Zone Login
Security Software Categories
News - Articles - Reviews
Free Newsletter
Join our mailing list and receive
security software news and
advice from our experts.
Submit
  Security Software Zone » Software Reviews » Privacy » New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server

New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server
Category: Privacy
Published: 03/31/2007, 00:18  
Editor: Remus Zoica
 
Print article
Send to a friend
Search in reviews
    Recently Microsoft warned us about a new weakness point that could be used to divert web traffic through a malicious proxy server. For example Internet Explorer use the Web Proxy Automatic Discovery (WPAD) protocol to find a file that enables a browser to configure its proxy settings. Company representatives said It's possible to plant a configuration file that would route traffic through a malicious proxy. A malicious WPAD.dat file could be placed in the Domain Name System (DNS) or the Windows Internet Naming Service (WINS). The client application looks in DNS or WINS to resolve the name of the hosting that has the proxy configuration file. Microsoft said that after the file placed there, WPAD clients "may be able to route their Internet traffic through a malicious proxy server."

    Network managers should reconfigure DNS and WINS on their servers to help prevent the use of this hack. The recommended fix helps prevent the insertion of the malicious file in the server's Domain Name System (DNS) or Windows Internet Naming Service (WINS). The fix is for Windows Server 2003 and Windows 2000 Service Pack 4.

More information is available from Microsoft:

"Client software that is configured to use Web Proxy Automatic Discovery (WPAD) must be able to contact a host that serves a proxy automatic configuration file (Wpad.dat). A WPAD-configured client can use several methods to locate a host that contains a Wpad.dat file. Two of these methods require a WPAD entry to be registered in Domain Name System (DNS) or in Windows Internet Naming Service (WINS). Registering a WPAD entry in DNS or in WINS enables clients to resolve names of hosts that contain proxy automatic configuration files.
If an entity can surreptitiously register a WPAD entry in DNS or in WINS, and this entry resolves to a host with a malicious Wpad.dat file, WPAD clients may be able to route their Internet traffic through a malicious proxy server. Network administrators who have not already registered legitimate WPAD entries in DNS or in WINS, and network administrators who have not correctly implemented WPAD through DHCP and Option 252, must reserve static WPAD DNS host names and WPAD WINS name records. By doing this, network administrators help prevent possible malicious registrations."

The five steps used to reserve static WPAD DNS host names and to reserve WPAD WINS name records, are available at their web site: http://support.microsoft.com/kb/934864
Bookmark to:
Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Del.icio.us Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to digg Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to FURL Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to reddit Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Technorati Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Yahoo My Web Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Stumble Upon Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Google Bookmarks Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to RawSugar Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Squidoo Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Spurl Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Netvouz Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Rojo Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Bloglines Add 'New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server' to Tailrank
Add comment
Security Software Zone is not responsible for the content of these User comments. The views and opinions expressed are those of the individual poster and not the Security Software Zone.
User comments (0):

There is no comment for this review.
 
Reviews related to New Threat That Can Be Used to Divert Web Traffic Through a Malicious Proxy Server
 

With Release of New 2GeeksinaLab Technology Piracy is Dead
 2GeeksinaLab is proud to introduce a quantum leap in digital content protection that protects digital content on any computer readable medium on any platform, called iGarde Disc technology.
Read More >
06/12/2008, 12:11
 

New Laws to Fight the Growing Problem of Identity Theft - nited States Department of Justice proposed legislation to Congress
 This new legislation would ensure on a corporate level that those who steal personal data from an organization or business can be prosecuted.
Read More >
08/01/2007, 16:34
 

ParetoLogic Privacy Controls Software Heralds
 ParetoLogic has released the newest tool in its security software toolkit. Deleting unwanted and unnecessary files, message histories, music, images, and videos, ParetoLogic Privacy Controls erases to U.S. military standards, enabling computer users to secure their confidential information and their privacy.
Read More >
01/09/2007, 10:19
 

The Role of SIEM in Protecting Critical IT Assets From Cyber Attacks is highlighted by a Webcast
 Security information and event management (SIEM) called out as a critical mechanism for preventing serious attacks from causing operational disruptions, increased costs and data loss.
Read More >
02/20/2008, 10:58
 

The Internet Keep Safe Coalition and Symantec - Internet Keep Safe Award for Efforts in Keeping Kids Safe Online
 Indiana’s State Superintendent of Public Instruction Dr. Suellen Reed has been awarded the Internet Keep Safe Award for her efforts in keeping kids safe online.
Read More >
07/27/2007, 15:39

Sponsored


Copyright © 2007 Security Software Zone. All Rights Reserved. Forum Submit Software Site Map
Our websites: Titan Backup Software Invisible Secrets Encryption Software System LifeGuard Cleaner
AlphaZip Compression Tool SafeBit Disk Encryption Security Software Zone PC District