[Swordmaker]

Link Only to an article from Ars Technica on a new man-in-the-middle attack which allows bad guys to gain data from people using WIFI hotspots about Secure websites you may be using, such as your banks or other websites that use HTTPS connections with encrypted connections. It works on any system, Mac, Windows, Linux, etc., because it relies on the industry standard of internet languages of the Hypertext communications after it leaves your computer environment. — PING!

Pinging dayglored, Shadow Ace, and ThunderSleeps for your ping lists due to cross platform security issues.

Multiple Platform Security
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[sauropod]

read

[Boogieman]

Well before everyone freaks out, this attack only works if the network operator deploys it. So unless you are using someone’s network who you can’t trust (or hackers are able to compromise the network you are using through some other means), it’s not going to affect you.

Even you did get hit with this attack, most of the HTTPS security would still remain intact. They would not, for example, be able to decrypt any of the encrypted web traffic that is passed thru HTTPS.

[Gideon7]

The Ars Technica article talks about using WPAD to leak URLs. Microsoft issued a patch for WPAD in MS16-077.

I looked at the patch and it does indeed fix the problem. However it uses a sledgehammer to do it: It disallows NETBIOS traffic outside of the local subnet for ANYTHING. This is going to create havoc for legitimate file sharing and remote management (esp cloud) and name resolution on routed networks.

It needs a system registry change to undo it. No Group Policy, ugh. This is going to be a major tech support headache.