On Saturday, July 11, 2015 1:13 PM, Warren Kumari
[mailto:warren(_at_)kumari(_dot_)net] wrote
On Saturday, July 11, 2015, Christian Huitema
<huitema(_at_)microsoft(_dot_)com> wrote:
There is definitely an attack vector there. Suppose an attacker can monitor
the traffic, say on an
unencrypted Wi-Fi hot spot. The attacker can see a DHCP request or INFORM,
and race in a fake
response with an >> URL of their own choosing. The mark's computer
automatically connects
there, and download some zero-day attack. Bingo!
An attacker with this level of access can already do this. They fake a DHCP
response with themselves
as the gateway and insert a 302 into any http connection. Or, more likely
they simply inject
malicious code into some connection.
Connecting to unknown/ unencrypted networks is inherently dangerous...
OK, you are probably correct that this is just one of the many attacks possible
when connecting to insecure networks. Then, of course, there is the whole idea
of letting an untrusted DHCP server direct one's browser to an arbitrary web
page. Looks like an ideal setup for zero days and phishing tools. Ideally, we
should only process the redirected page into a fairly tight sandbox...
-- Christian Huitema