Author Topic: WPAD vulnerability around since 1999!  (Read 4016 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33899
  • malware fighter
WPAD vulnerability around since 1999!
« on: November 27, 2007, 08:21:45 AM »
Hi malware fighters,

Being around since 1999 and still not fully patched: http://www.frsirt.com/english/advisories/2007/1115
http://www.theregister.co.uk/2007/11/26/wpad_vuln_investigated/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: WPAD vulnerability around since 1999!
« Reply #1 on: November 27, 2007, 12:01:30 PM »
Wow... what a difficult thing to manage ;D
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33899
  • malware fighter
Re: WPAD vulnerability around since 1999!
« Reply #2 on: November 27, 2007, 02:38:24 PM »
Hi Tech,

The quintessence is this:
"Web Proxy Auto Discovery is an interestingly
still-active-after-all-these-years design misfeature
courtesy of Microsoft. It is of particular relevance to
those of us who 'live' anywhere except the .com domain, as
Microsoft fixed it for .com a long time ago, but due to it's
DNS-(ab)using nature it is still a problem for everyone
else. This talk will explain the mechanism and it's
ramifications in some detail, and collect and present
statistics of interest. Oddy will also be explaining all the
ways in which networks can be configured in order to make
wpad leakage a non-problem." (said at this Redhat conference)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48556
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: WPAD vulnerability around since 1999!
« Reply #3 on: November 27, 2007, 03:18:16 PM »
Since all of these refer to Server additions, can I assume that
since I'm running XP Home SP3, this isn't anything to worry about?
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: WPAD vulnerability around since 1999!
« Reply #4 on: November 27, 2007, 04:30:16 PM »
With the exception of Windows 2000 Professional Edition that is
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33899
  • malware fighter
Re: WPAD vulnerability around since 1999!
« Reply #5 on: November 27, 2007, 08:14:08 PM »
For bob3160, DavidR, and others,

No folks, read the article in "El Reg" where it says: "A Microsoft spokesman had only minimal details about the investigation, which was prompted by a presentation last week by researcher Beau Butler at the Kiwicon security conference in New Zealand. According to this report in the Sydney Morning Herald, the flaw affects every version of Windows including Vista and is actually the continuation of an old vulnerability that Microsoft supposedly fixed years ago."

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!