There was a story posted on NakedSecurity.Sophos.com about how the new gtld program has made it easier for cyber criminals to infiltrate and hack entire organizations. The vulnerability lies with WPAD, Web Proxy Autodiscovery Protocol, a system that makes it easy for organisations to configure the many web browsers inside their network. It is important to note that poorly configured networks are partially to blame for this as well.
Tip of the cap to Kate from Namepros for bringing the article to attention.
From the article:
A combination of poorly configured networks and new rules on internet domain names are giving cybercriminals a new and easy way to attack entire organisations, according to research out of the University of Michigan.
The vulnerability, described by US-CERT (the United States Computer Emergency Readiness Team) in alert TA16-144A issued 23 May 2016, affects computers that are using WPAD.
WPAD is short for Web Proxy Autodiscovery Protocol, a system that makes it easy for organisations to configure the many web browsers inside their network.
WPAD is supposed to find its browser configuration files on the internal network, but wily attackers may be able to trick WPAD into downloading booby-trapped versions of those configuration files from the public internet instead.
Worse still, if you use a work computer at home, and WPAD is enabled, you may very well end up searching for your browser configuration on the open internet every time, simply because your work network isn’t visible.
The article goes on to explain how the new gtlds are making things worse.
