Cac chuyen gia nghien cuu bao
mat vua phat hien mot truc trac trong phuong thuc ket noi mang cua Windows hoan
toan co the bi tin tac loi dung de an cap du lieu.
Hang bao mat IOActive cho biet loi bao mat tren thuc ra la mot loi thiet ke
trong he dieu hanh. Loi nay phat sinh trong qua trinh Windows ap dung thiet lap
proxy. Hau qua la tin tac co the truy cap, chen them cac proxy doc hai va doc
duoc moi du lieu duoc truyen tai tren he thong mang muc tieu.
"Dieu nguy hiem o day la tin tac co the chu dong bien thanh may chu proxy ma
khong he khien cho nguoi chu so huu mang bi tan cong biet," Chris Paget -
Giam doc D&R cua IOActive - cho biet. "Tin tac hoan toan co the thay doi
huong truyen du lieu tren he thong mang muc tieu".
Ong Paget cho biet Internet Explorer theo mac dinh thuong tien hanh tim kiem mot
may chu proxy bang thu tuc Web Proxy Autodiscovery Protocol (WPAD). Tin tac co
the de dang thiet lap mot may chu proxy tren mang su dung dich vu Windows
Internet Naming Service (WINS) hoac Domain Name System (DNS) giup chung chuyen
huong du lieu mang.
 Microsoft
da xac nhan loi bao mat noi tren. "Neu mot ai do co the thiet lap thanh cong
mot WPAD thong qua DNS hoac WINS clients thi ho co the chuyen huong toan bo
luong du lieu di qua mot may chu proxy".
Neu thanh cong thi tin tac co the chuyen huong moi du luong du lieu di qua may
chu proxy cua chung. Dieu nay dong nghia voi viec chung co the doc va lay duoc
moi du lieu do, ong Paget khang dinh.
Tuy nhien, chuyen gia nghien cuu bao mat Dan Kaminsky cho rang tan cong chi co
the thanh cong neu ke tan cong duoc tiep can truc tiep voi he thong mang chu
khong the tan cong qua mang Internet.
Truc trac voi thu tuc WPAD khong phai moi. Bay nam truoc day Microsoft da tung
phai va mot loi kha tuong tu trong Internet Explorer 5. Loi nay co the cho phep
tin tac loi dung trinh duyet de to chuc cac vu tan cong rong hon.
Theo CNet, VnMedia
Article source http://w4rum.com/940.t
| 