AOH :: ISNQ5648.HTM

How to hack China for just $1,800

How to hack China for just $1,800
How to hack China for just $1,800


http://www.computerworld.com/s/article/9141060/How_to_hack_China_for_just_1_800?taxonomyId=17 

By Robert McMillan and Owen Fletcher
IDG News Service
November 17, 2009 

Fraudsters may have a hot deal waiting for them in the form of an 
obscure Chinese domain name that's for sale on the Internet.

The wpad.cn domain is for sale, according to a note posted on the Web 
site. That fact probably doesn't mean much to most people, but to Duane 
Wessels it's a big deal. He says that if it fell into criminal hands it 
could be misused for phishing or other types of fraud.

Wessels, the president of Measurement Factory, owns five wpad domains -- 
wpad.com, wpad.net, wpad.org, wpad.biz and wpad.us. Between them, he 
gets 5 million hits per day. Most of them come from Windows computers 
erroneously looking for network configuration information, thanks to a 
decade-old Windows bug that Microsoft first fixed in 1999.

Nobody knows why sites like Wessels' continue to get so much traffic 
long after Microsoft patched the flaw. He thinks it may come from old 
versions of Windows, obscure programs with built-in Web components, or 
perhaps even misconfigured servers on the network. Microsoft did not 
respond to a query about the issue on Tuesday.

According to Wessels, if criminals were to take control of the wpad.cn 
domain they could set themselves up as a proxy Web server for their 
victims, redirecting them to a phishing site or sneaking unwanted ads 
onto their computers.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods