security When domain names attack: the WPAD name collision vulnerability [Sophos]


Kate

When domain names attack: the WPAD name collision vulnerability

This is a rather technical article, but it highlights some unintended consequences of new extensions, and possible security risks. The bottom line: if your organization is using private domains like .local, .network or .whatever, watch out.
Previously inexistent extensions may now be available for sale on the market and resolve globally.

PS: the wpad trick is not the only possible example taking advantage of the technique.

A combination of poorly configured networks and new rules on internet domain names are giving cybercriminals a new and easy way to attack entire organisations, according to research out of the University of Michigan.

The vulnerability, described by US-CERT (the United States Computer Emergency Readiness Team) in alert TA16-144A issued 23 May 2016, affects computers that are using WPAD.

WPAD is short for Web Proxy Autodiscovery Protocol, a system that makes it easy for organisations to configure the many web browsers inside their network.

WPAD is supposed to find its browser configuration files on the internal network, but wily attackers may be able to trick WPAD into downloading booby-trapped versions of those configuration files from the public internet instead.
...
Source: https://nakedsecurity.sophos.com/20...attack-the-wpad-name-collision-vulnerability/
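
An added example, not from the article or from anyone in this thread: a defender-side audit in Python that lists the WPAD hostnames a client would look up for its DNS suffix and flags the ones that fall under a publicly delegated TLD the organisation does not control. The TLD set, the hostnames and the owned domain are constructed samples, and the function names are hypothetical.

```python
# Added example (not from the article): WPAD name-collision audit.
# Constructed sample of publicly delegated TLDs; a real audit would load the
# current IANA TLD list instead.
DELEGATED_TLDS = {"com", "net", "org", "network"}


def wpad_candidates(client_fqdn):
    """WPAD hostnames a client may query for its own DNS suffix.

    The client prepends "wpad" to each parent domain of its FQDN. How far up
    it walks differs between implementations; this returns the worst case.
    """
    labels = client_fqdn.strip(".").lower().split(".")
    return ["wpad." + ".".join(labels[i:]) for i in range(1, len(labels))]


def audit(client_fqdn, owned_domains, delegated_tlds=DELEGATED_TLDS):
    """Classify each WPAD candidate name for one client.

    owned    - under a public domain the organisation has registered
    exposed  - under a delegated TLD but not a domain you own: whoever
               registers that domain can answer the lookup
    internal - TLD not delegated today; resolves only on internal DNS
    """
    owned = {d.strip(".").lower() for d in owned_domains}
    findings = []
    for name in wpad_candidates(client_fqdn):
        domain = name.split(".", 1)[1]
        tld = domain.rsplit(".", 1)[-1]
        if any(domain == d or domain.endswith("." + d) for d in owned):
            status = "owned"
        elif tld in delegated_tlds:
            status = "exposed"
        else:
            status = "internal"
        findings.append((name, status))
    return findings


if __name__ == "__main__":
    # Constructed hosts: a private suffix that is now a public TLD, one that
    # is not, and a suffix under a domain the organisation owns.
    for host in ("pc17.sales.acme.network", "pc17.office.whatever",
                 "pc17.hq.acme.com"):
        for name, status in audit(host, owned_domains={"acme.com"}):
            print(f"{host:26} {name:26} {status}")
```

Names reported as `exposed` are the ones to answer authoritatively on internal DNS or keep from leaving the network; `internal` results need re-checking whenever further TLDs are delegated.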
 
Kate, a big thank you for sharing this article!
 
Important story, Kate. Blogged about it on TheDomains and gave you credit for the find.
 
Looks like they need to beef up their security if they see an issue with new gTLDs. This is nothing new and didn't just come into play because of the launch of new gTLDs.

Like they said in the article:

"We find that even though some attack surface domains have already been registered, the overall registration and exploitation status are still in the early stage, indicating that proactive protection strategies are still feasible."
 