New Top Level Domains Could Expose Companies To Risk
An article review.
Opportunistic hackers could register new TLDs hoping to prey on misdirected internal traffic
The US Computer Emergency Readiness Team (US-CERT) recently issued a statement for organizations who use top level domain names to route internal traffic, warning that misconfigured proxy servers could route requests for those names to newly registered external domains.
The potential attack is linked to the Web Proxy Auto-Discovery (WPAD) service in Windows, which attempts to standardize web proxy configurations across a network by downloading settings from a central server. Domain name requests intended for WPAD have been observed reaching servers on the open internet in the past, potentially leading to a situation where internal network traffic gets routed to a domain specifically selected to try and catch these requests for malicious purposes.
Considering the increase in top level domain names from less than a dozen to over 1,200 it’s impossible to know what formerly unused names could become live in the future, so security experts suggest companies either use names they’ve registered themselves or make certain no internal DNS requests can make it to the outside.
Original article by US-CERT.
Leave a comment
K-12 teachers offered training to help give every student an education in cybersecuri Read more
Battling Procedure Fatigue in Cybersecurity . . . Or . . . making sure we don’t just Read more
Weekly themes for the annual event have been announced… An article review. October is Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more