cancel
Showing results for 
Search instead for 
Did you mean: 

WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Hi All
You may want to have a look at:
WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users
Quote
If you’re already thinking, “proxy? I don’t use one!”… you might want to keep reading.
WPAD – Web Proxy Auto-Discovery – is a method of automatically configuring a browser’s proxy settings, using DHCP and DNS. Wikipedia has a good article on WPAD covering the details, so I won’t repeat them here.
Your browser’s proxy settings must be configured with care; if a malicious actor were able to install themself as your proxy, they would acquire the ability to monitor all of your web surfing activity. Technically, this is called a ‘Man in the Middle’ attack.
Sadly WPAD has some serious flaws. In particular, if DHCP discovery fails… WPAD reverts to a crude search for a source of configuration using DNS. This appears to be governed by the DNS suffixes used to resolve unqualified domain names (see the Advanced TCP/IP Settings dialog, right).
As a result… on a UK Windows PC… if WPAD is enabled… your browser may request proxy configuration from the domain WPAD.CO.UK using the URL http://wpad.co.uk/wpad.dat .
Read More Here


11 REPLIES
Razer
Grafter
Posts: 1,375
Registered: 17-11-2012

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Mine is already disabled.
Here's an article on it from 2008.
EDIT:
An interesting demonstration video from auditcasts.
Community Veteran
Posts: 1,770
Thanks: 33
Fixes: 1
Registered: 08-10-2010

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Worrying stuff.  I'm not totally conversant.  Is is only a threat if you use internet explorer?  I read the article and it isn't very clear to us 'strugglers' with computers.  Lips are sealed
Edit:  Just checked firefox settings , and  configure proxies to access the internet is set to 'no proxies'.  So hopefully I'm safe.  Smiley
Community Veteran
Posts: 4,916
Thanks: 335
Fixes: 16
Registered: 10-06-2010

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Before everyone panics as much as the author of the nodpi.org article, I don't think your computer will go asking wpad.co.uk for proxy configuration unless it's a member of example.co.uk domain.
Home computers aren't usually a member of any domain. Home computers use workgroups / homegroups.
Moderator
Moderator
Posts: 17,249
Thanks: 904
Fixes: 102
Registered: 11-01-2008

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

there's only one thing for it
CANCEL YOUR BROADBAND AND UNPLUG YOUR PHONE!
Roll eyes
Will Moderate For Thanks
Community Veteran
Posts: 1,770
Thanks: 33
Fixes: 1
Registered: 08-10-2010

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

I'm putting a tin-foil cap on too (no point in taking any chances) Crazy Crazy
dick:quote
Razer
Grafter
Posts: 1,375
Registered: 17-11-2012

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

I've already posted another link from further back and a perfectly reasonable demonstration video link from people who know what they're talking about and are not the 'loons' some of you are implying. Just because one repeater of this information might be a bit whacky it does not invalidate the fact that this is a real security issue. Do you react in the same, ridiculous way to any exploit announcement?
Community Veteran
Posts: 1,770
Thanks: 33
Fixes: 1
Registered: 08-10-2010

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Razer,  I have done a little bit of research on this and yes it is very worrying. most worrying is the fact that by exploiting this it is possible to take over a wireless modem. I'm not really up to speed with it, but the person who accesses can take over any device connected to it though ( for some reason) cannot access your data.
I may have misunderstood the article, so please don't pillory me if I did.
As for the humour...I'm not ridiculing the article or you, it's more a case of 'gallows humour'. Smiley
Razer
Grafter
Posts: 1,375
Registered: 17-11-2012

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

Excuse me, 'doris', my post wasn't directed at you in isolation. I should have made that more clear. I was just a bit annoyed at a real issue being mocked as 'something for the crazies' kind of thing, which really wasn't helped by the somewhat hyperbolic article first linked to in the OP. That's why I sought out other links to post because I knew about this issue already and wanted to post something more reasonably put whilst still informing people.
Smiley
Moderator
Moderator
Posts: 17,249
Thanks: 904
Fixes: 102
Registered: 11-01-2008

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

sorry, but I just don't see it been a big issue - unless you've had some malware that infects can alter your hosts file or someone has physical access to you machine.
Will Moderate For Thanks
Community Veteran
Posts: 1,894
Thanks: 3
Registered: 20-10-2012

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

I was on Compuserve for 6 years before the internet began. I've yet to be attacked!
I take all these so-called threats with a piece of salt. If they really were a threat then thousands, if not millions, would have been compromised and we would have been aware for months and virus checkers would all be protecting against them. Of course some environments may be threatened but they will already have the right protection.
If I had responded to them in an alarmist way I would be wearing a tin hat and, be in a bunker 30' underground by now! Just use a bit of common sense mateys.
An up to date virus checker and firewall is your best protection. Leave it to the experts!
Geoff,
York.
Community Veteran
Posts: 4,916
Thanks: 335
Fixes: 16
Registered: 10-06-2010

Re: WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

It has nothing whatsoever to do with malware altering your hosts file, and requires no physical access to your computer.
There are 2 different issues:
1. Windows will retrieve proxy configuration from any computer that has named itself WPAD on the local network. This requires the attacker to be connected to the local network.
2. If Windows doesn't find a computer named WPAD, it might read the proxy configuration from http://wpad.co.uk/wpad.dat - but only after looking for wpad.yourdomain.co.uk, or perhaps if you've fiddled with the DNS settings and set Windows to add .co.uk to unqualified names.
Once you've set someone's proxy, you can capture all their web traffic.
Since most home computers aren't part of a .co.uk domain, it doesn't affect so many people.
I firewall would only protect you if it's blocking all the Windows networking protocols e.g. because you're on public wifi and configured the connected as an untrusted public network. I don't see how a virus checker is relevant to this.