Information Security News mailing list archives
How to hack China for just $1,800
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 18 Nov 2009 00:46:03 -0600 (CST)
http://www.computerworld.com/s/article/9141060/How_to_hack_China_for_just_1_800?taxonomyId=17 By Robert McMillan and Owen Fletcher IDG News Service November 17, 2009 Fraudsters may have a hot deal waiting for them in the form of an obscure Chinese domain name that's for sale on the Internet. The wpad.cn domain is for sale, according to a note posted on the Web site. That fact probably doesn't mean much to most people, but to Duane Wessels it's a big deal. He says that if it fell into criminal hands it could be misused for phishing or other types of fraud. Wessels, the president of Measurement Factory, owns five wpad domains -- wpad.com, wpad.net, wpad.org, wpad.biz and wpad.us. Between them, he gets 5 million hits per day. Most of them come from Windows computers erroneously looking for network configuration information, thanks to a decade-old Windows bug that Microsoft first fixed in 1999. Nobody knows why sites like Wessels' continue to get so much traffic long after Microsoft patched the flaw. He thinks it may come from old versions of Windows, obscure programs with built-in Web components, or perhaps even misconfigured servers on the network. Microsoft did not respond to a query about the issue on Tuesday. According to Wessels, if criminals were to take control of the wpad.cn domain they could set themselves up as a proxy Web server for their victims, redirecting them to a phishing site or sneaking unwanted ads onto their computers. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.org
Current thread:
- How to hack China for just $1,800 InfoSec News (Nov 17)