A combination of poorly configured networks and new rules on internet domain names are giving cybercriminals a new and easy way to attack entire organisations, according to research out of the University of Michigan.
WPAD is short for Web Proxy Autodiscovery Protocol, a system that makes it easy for organisations to configure the many web browsers inside their network.
How the gTLD project made it worse
Global top-level domains include names that don’t denote any geographical region, such as .com,.org and .net.
In the beginning, the internet had just 7 gTLDs and the number grew very sedately until 2011, by which time there were 22.
But in 2012 ICANN (the Internet Corporation for Assigned Names and Numbers) threw the doors open and started taking applications for the creation of brand new gTLDs and today there are more than 700 of them.
The expanded crop of gTLDs includes everything from .ninja to .city and a number of things that companies might plausibly use internally such as .office, .network, .global and .group.
Domain names that once kept companies immune from WPAD data leakage, because they only worked inside the company, are starting to work outside the company too – and they’re up for sale.
Organisations can no longer assume that the domain names they made up for their private DNS won’t work on the internet, so the problem of WPAD data leakage has become a genuine vulnerability.
Check out the complete article here
P.S. The link to this article was posted on TheDomains.com
WPAD is short for Web Proxy Autodiscovery Protocol, a system that makes it easy for organisations to configure the many web browsers inside their network.
How the gTLD project made it worse
Global top-level domains include names that don’t denote any geographical region, such as .com,.org and .net.
In the beginning, the internet had just 7 gTLDs and the number grew very sedately until 2011, by which time there were 22.
But in 2012 ICANN (the Internet Corporation for Assigned Names and Numbers) threw the doors open and started taking applications for the creation of brand new gTLDs and today there are more than 700 of them.
The expanded crop of gTLDs includes everything from .ninja to .city and a number of things that companies might plausibly use internally such as .office, .network, .global and .group.
Domain names that once kept companies immune from WPAD data leakage, because they only worked inside the company, are starting to work outside the company too – and they’re up for sale.
Organisations can no longer assume that the domain names they made up for their private DNS won’t work on the internet, so the problem of WPAD data leakage has become a genuine vulnerability.
Check out the complete article here
P.S. The link to this article was posted on TheDomains.com
