Comments on: Windows weakness can lead to network traffic hijacks

Problem in the way Windows PCs obtain network settings could let attackers hijack traffic, researchers warn.

[n3td3v]

not new

the same concept is used when trying to intercept data on a wireless connection.

they have just switched the concept around on something else.

interesting, but nothing new to see here.

[timber2005]

would it...

Could it also affect mac and linux with the same idea?

[rcrusoe]

"The biggest risk ... would come from a malicious insider"

and the FBI reports that only about 70% of all attacks come from insiders.

Right, this isn't a big concern at all.

[Penguinisto]

Heh - and WiFi networks...?

c'mon... this would be drop-easy to set up in a place w/ free Wifi access (or in any place w/ Wifi anyway, such as companies or apartment complexes), sometimes even if the network has an existing proxy (mostly because even if there were a proxy, you can set one up anyway and still have a 50-50 shot at it, depending on setup).

/P

[McAdmin77]

OMG! BE AFRAID! BE VERY AFRAID!

Because it's so hard to UNCHECK THE BOX that says "Automatically detect settings." Please, if your company is vulnerable to this "vulnerability", you need to get a better pc deployment group - you know, one that's smart enough to specify a proxy or pac on your standard image.

[paulsecic]

Or

buy Mac OS 6.6.00.

[Phillep_H]

Knowledge

They have to know there is a problem and remember to hit that box, along with dozens of other minor tasks in the middle of a busy shift. Better and safer that the auto detect default to "no".

[Stating]

Insiders From The Outside

It seems to me that a hacker from outside a company who was able to infiltrate a corporate PC and take it over could then install a proxy server on that PC and thereby gain access to network traffic on uncompromised PCs. This would really magnify the effect. Is there any reason this would not work?

[EnvisionOne]

This has more to do with...

DNS and WINS services in general accepting updates dynamically from DNS/WINS clients. If the service is not secured, then anything can happen, including bad proxy server updates.

[esblake]

What is going on.

Are you people really that stupid. Now we have a reputable IT company CNET blowing up a story as a major weakness in windows. Holy Crap...This is a major weakness in ANY network. But, lets jump on the bashing MS band wagon....Jeeze, I was just starting to like the updates from CNET now it appears I will have to trash it along with my Mac Mags....

Pull your heads out of the sand, discuss the problem like it really is in todays market and lets address it. I can't believe someone is writing about OS2--I have the install floppies keeping my storage table level...jeeze!

YES 70% of ALL TYPES OF corporate attacks are from the INSIDE, have been for the last 20 years!

Come on people get life, turn on the lights and open your eyes!

Or--wait...Maybe it is easier for everyone to live in your own make-believe-lands.

For me I am going to work in the real world on Monday and Yes believe it or not OS/2 is NOT AN OPTION!

[Commander_Spock]

Lotus Notes 8.0 Is About To Be Launched; And....

... God help you if OS/2 becomes one of the "Eclipse Stack" options (as LINUX is) for old times sake and if this be the case then--your lunches and dinners may be gone ("work in the real world" disrupted) because of your apparent Windows Only Ways! Ha! Ha! Ha!

[inachu]

This makes matters even worse.

Many times on a lan people from work bring in routers from home so they can use more than one pc at a time.

Little do they know that router is handing out new ip addresses which is another way to sniff the network.

[wolivere]

Any IT group in a company large enough to fear

This that has not known about this issue or dealt with it should be fired.

It is not only MS, its Mac, its Linux, all are vulnerable.

Lots of company's are dealing with inside users who set up there own proxy's and tunnel out through the firewall. Its always fun catching them and letting HR deal with them.

Now how much of a threat is this? Well depends, on what the heck your allowing out on the Internet from the inside, what data is avalible, how its accessed how its viewed.

There are so many questions on this.

I still am boggled at how elaborate some internal users get when they just need to be able to get there home email, IM from within the company network. That they risk there job and criminal charges just to do it.

I feel very sorry for some of these people when I sit in on there exit interview as HR fires them.

And every once in a while, I laugh, when someone says its there right to be able to do what they want with the internet.

Any how again, not a real worthy article.

[ZenOfJazz]

Of course No one has WIRELESS - DUH!

Especially not wireless configured by a PHB, so it's not secured, and has a foot print that reaches to the coffee shop across the street...

So yeah, no one needs to worry about this possible hijack vector. <sticks head back into the sand>.

[wbenton]

Per C2 Security

Per C2 Security, ALL unnecessary protocols and programs should be Disabled including WPAD.

But per Microsoft, they've kindly enabled WPAD as with a bunch of other security weak protocols. But sadly,the only way to remove it is via editing the registry. Microsoft can be thanked for that one too... (* GRIN *)

For those who want to disable it, Microsoft recommendation is here: http://support.microsoft.com/kb/271361

Editing the registry is like water off a duck's back for me, but for the "not so PC guru" types... make sure you backup your registry before you use the scalpel to modify the registry!

Walt

[Commander_Spock]

Lest We Forget....

... as in STAR FLEET... there has to be "HMS ARCH ROYAL" Sailing The Atlantic To Be Near You--To Be Free--Do the have a Real-Time (OS/2 WARP) Secure Network too!

TO BOLDLY GO!!

BEAM US DOWN SCOTTY!

[lesfilip]

Commander_Spock is a talkbot

Not human.