http://www.computerworld.com/s/article/9141060/How_to_hack_China_for_just_1_800?taxonomyId=17 By Robert McMillan and Owen Fletcher IDG News Service November 17, 2009 Fraudsters may have a hot deal waiting for them in the form of an obscure Chinese domain name that's for sale on the Internet. The wpad.cn domain is for sale, according to a note posted on the Web site. That fact probably doesn't mean much to most people, but to Duane Wessels it's a big deal. He says that if it fell into criminal hands it could be misused for phishing or other types of fraud. Wessels, the president of Measurement Factory, owns five wpad domains -- wpad.com, wpad.net, wpad.org, wpad.biz and wpad.us. Between them, he gets 5 million hits per day. Most of them come from Windows computers erroneously looking for network configuration information, thanks to a decade-old Windows bug that Microsoft first fixed in 1999. Nobody knows why sites like Wessels' continue to get so much traffic long after Microsoft patched the flaw. He thinks it may come from old versions of Windows, obscure programs with built-in Web components, or perhaps even misconfigured servers on the network. Microsoft did not respond to a query about the issue on Tuesday. According to Wessels, if criminals were to take control of the wpad.cn domain they could set themselves up as a proxy Web server for their victims, redirecting them to a phishing site or sneaking unwanted ads onto their computers. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Nov 17 2009 - 22:46:03 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 17 2009 - 22:55:24 PST