Some of Our Sources
- BoingBoing
- Just Creative
- TutsPlus - Design
- My Ink Blog
- Stylized Web
- Wal You
- Spyre Studios
- Android Headlines
- The Verge
- TechPowerUp
Help Webnuz
Referal links:
August 13, 2016 04:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/tAxlJzQrNfw/disable-wpad-now-or-have-your-accounts-compromised-researchers-warn
Disable WPAD Now or Have Your Accounts Compromised, Researchers Warn
It's enabled by default on Windows (and supported by other operating systems) -- but now security researchers are warning that "Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections," according to CSO. Slashdot reader itwbennett writes: Their advice: disable WPAD now. "No seriously, turn off WPAD!" one of their presentation slides said. "If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file"... A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled BadWPAD.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/tAxlJzQrNfw/disable-wpad-now-or-have-your-accounts-compromised-researchers-warn
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot