Windows Transparent Authentication updates

[onatan at gmail.com (Jonatan B)]

On Nov 16, 2007 5:44 PM, Kurt Grutzmacher <grutz at jingojango.net> wrote:
> Check out Rsnake's blog on an idea to use DNS Pinning to fake out IE's trust zone -
> http://ha.ckers.org/blog/20071112/effects-of-dns-rebinding-on-ies-trust-zones/
>
> Very interesting theory but not sure it'll work that well given you need
> a very specific set of circumstances for transparent authentication to
> work in IE:
>
> 1. URL must be an internal IP address or hostname (no FQDN)
> 2. Server must send the correct domain workstation is a member of
> 3. Server must not be accessed via the proxy
>
> That kind of limits attacks from the Internet for a large majority of
> locations but doesn't make it impossible. I'm excited!

Then you'll be excited to see Dan Kaminsky tunnels everything over
a browser:
http://video.google.com/videoplay?docid=3470502418262982787