Risky Business #41 -- WPAD: Register a domain, pwn a country

Previously on Risky Business...
04 Dec 2007 » Risky Business

Welcome to this special, "head for the hills" edition of Risky Business. We'll be talking about the WPAD bug this week. There's currently NO PATCH for this bug, but seeing as it's being widely exploited and everyone's seemed to know about it for years -- everyone except Microsoft -- we'll be focussing this week's podcast on the glitch.

We'll also give you the information you need to mitigate it until Microsoft patches it. Mitigation is probably a good idea in this case because it isn't just Microsoft software that's affected.

You'll hear me talk about some Snort signatures ITRadio is providing to its listeners that will detect the problem in your enterprise. You can find them here.

I mention in the show that Butler's slides would be available for download from this site. They're not available yet -- check back in a couple of days.

On this week's show:

  • Munir Kotadia joins us with this week's ZDNet Australia headlines
  • Risky Business looks at Beau Butler's discovery of the WPAD bug. It's choice, bro.
  • James McMahon from Verizon Business Security Solutions talks government databases in this week's sponsor interview