WPAD (Web Proxy Auto Discovery) is a method used by web clients to automatically locate a browser configuration file used to connect through proxy. Successful attack on WPAD guarantees attackers full access on user data sent to Internet which could allow stealing critical data like passwords or credit card numbers. WPAD potential danger depends on two factors: default configuration and weak awareness among users. In this article we discuss WPAD architecture and its many functioning principles in home and corporate networks, real examples of attacks and give recommendations for ordinary users and system administrators that allow reducing attack consequences. Whitepaper: http://www.securitylab.ru/_download/articles/wpad_weakness_en.pdf Simple Freeware Network Checker to detect potentially dangerous entries in DNS and WINS name servers: http://www.securitylab.ru/news/extra/380522.php Direct url: http://www.ptsecurity.ru/download/wpadcheck_en.zip Notes: * The utility does not recognize DNS and WINS services so do not scan hosts without this services ? it is useless; * .NET Framework. Is required for the utility. --- I hope this is helpful. Sergey --------------------------- About Positive Technologies Positive Technologies www.ptsecurity.com is among the key players in the IT security market in Russia. The principal activities of the company include the development of integrated tools for information security monitoring (MaxPatrol); providing IT security consulting services and technical support; the development of the Securitylab en.securitylab.ru leading Russian information security portal. PTResearch Lab: http://en.securitylab.ru/lab/
