Security Alerts & News
by Tymoteusz A. Góral

History
#1235 Attack with WPAD protocol and PAC files can leak HTTPS traffic
Alex Chapman and Paul Stone from Context, a UK cyber security consultancy firm, have discovered a new attack method using the WPAD protocol and PAC files to leak information about the HTTPS sites a user is visiting.

Their discovery is yet another drop in the pit of exploits that use the widely insecure WPAD protocol.

WPAD stands for Web Proxy Auto-Discovery and is a protocol used to broadcast proxy configurations across a network. This "broadcasting" operation is done using proxy configurations called PAC files, or proxy auto-configs, which browsers or other Internet-connecting apps receive before being routed to their destination.
Read more
#1237 Google domain enables HSTS protection
#1236 Kaspersky DDoS Intelligence Report for Q2 2016
#1235 Attack with WPAD protocol and PAC files can leak HTTPS traffic
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12