Disable WPAD Now or Have Your Accounts Compromised, Researchers Warn

It's enabled by default on Windows (and supported by other operating systems) -- but now security researchers are warning that "Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections," according to CSO. Slashdot reader itwbennett writes: Their advice: disable WPAD now. "No seriously, turn off WPAD!" one of their presentation slides said. "If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file"... A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled BadWPAD.

No How To??

[zenlessyank]

To prevent Windows from tracking which network support WPAD, you need to make a simple registry change:

        Click the Start button, and in the search field, type in "regedit", then select "regedit.exe" from the list of results
        Navigate through the tree to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
        Once you have the "Wpad" folder selected, right click in the right pane, and click on "New -> DWORD (32-Bit Value)"
        Name this new value "WpadOverride"
        Double click the new "WpadOverride" value to edit it
        In the "Value data" field, replace the "0" with a "1", then click "OK"
        Reboot the computer

WPAD?

[TechyImmigrant]

If you were finding the summary to be less than clear on WTF it was referring to.. WPAD = Web Proxy Autodiscovery Protocol.