Tuesday, 27 March 2007

Windows Weakness Leads to Potential Network Traffic Hijacks

Security firm, IOActive, has flagged a problem regarding how Windows PCs obtain network settings, which could eventually lead to fraudsters hijacking traffic. The dilemma arises when a design bug in the system used by Windows PCs obtains proxy settings.

"The upshot of it is that I can become your proxy server without you knowing about it," Chris Paget, director of research and development at IOActive, said. "I can put up the equivalent of a detour sign on your network and redirect all the traffic", he added.

"When IE starts up, it will ask the network where its proxy server is," Paget said. "It is really easy to put up your hand and say: 'Here I am.'"

"If an entity can surreptitiously register a WPAD entry in DNS or in WINS clients may be able to route their Internet traffic through a malicious proxy server," Microsoft said.

The fraudster can by means of successful implemetation gain access to data, and use it as per his whim.

Microsoft has given out certain steps that network administrators have to follow in order to avoid the WPAD problem. According to the company, it is advisable to preserve static WPAD DNS host names and to reserve WPAD WINS name records. Due to this precautionary measure the fraudulent WPAD name will not work, Paget said.