1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable WPAD now or have your accounts and private data compromised

Discussion in 'Network World' started by RSS, Aug 10, 2016.

  1. RSS

    RSS New Member Member

    The Web Proxy Auto-Discovery Protocol (WPAD), enabled by default on Windows and supported by other operating systems, can expose computer users' online accounts, web searches, and other private data, security researchers warn.

    Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections, said Alex Chapman and Paul Stone, researchers with U.K.-based Context Information Security, during the DEF CON security conference this week.

    WPAD is a protocol, developed in 1999 by people from Microsoft and other technology companies, that allows computers to automatically discover which web proxy they should use. The proxy is defined in a JavaScript file called a proxy auto-config (PAC) file.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page