At the ShmooCon hacker conference, researchers with security firm IOActive claimed a design bug in the system used by Windows PCs to obtain proxy settings could let attackers hijack traffic. Internet Explorer on Windows PCs by default searches for a proxy server using the Web Proxy Autodiscovery Protocol and an attacker can easily register a proxy server on a network using the Windows Internet Naming Service, and other network services including the Domain Name System."I can put up the equivalent of a detour sign on your network and redirect all the traffic," said Chris Paget, director of research and development at IOActive. If an attack is successful, all traffic on a network will flow through the attacker's proxy meaning the attacker can access all the data, redirect and manipulate it to his heart’s content. Fortunately, an attack is possible only with access to the target network, not from the Internet: "The biggest risk inside a corporation would come from a malicious insider. This is not worthy of mass panic or critical advisories.”
Source: News.com
Source: News.com
0 Comments:
Post a Comment