Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VeriSign: Flaw Is Bigger Threat to Grandma

NEW YORK -- Summary: At Kiwicon 2007, New Zealand researcher Beau Butler presented a flaw in how Microsoft Corp.’s Internet Explorer (IE) uses the Web Proxy Autodiscovery Protocol (WPAD) functionality for some international domains. Using this flaw, a malicious user could set up a WPAD server and send proxy configuration commands to the vulnerable computer. Microsoft originally fixed this vulnerability in Security Bulletin MS99-054, by changing the way that Internet Explorer searches for WPAD servers. The new flaw discovered by Mr. Butler specifically impacts and, which are still part of the default WPAD search order. It is possible that other top-level domains (TLDs) suffer from the same vulnerability in the default search order.

WPAD Threats:

A malicious user or group could use this vulnerability to redirect all HTTP and HTTPS traffic from their victims to a malicious server. Attackers can use this technique to steal online banking usernames and passwords as well as monitoring, logging and manipulating other sessions.

There are no known ongoing attacks, but several domains in the existing search order are active. It would only require a configuration change to add a malicious WPAD configuration.

Consumers are at highest risk from this flaw, as most enterprises use technologies that limit the potential damage.

Mr. Butler published details of the flaw and registered the domain names “,” “” and “” in late June 2007.

VeriSign iDefense Quotes:

“Most enterprises are probably protected from this attack vector, but it is likely that the grandmas out there using their local ISP are not.” – Rick Howard, Director, VeriSign iDefense Intelligence Operations

VeriSign Inc. (Nasdaq: VRSN)