*Source: BetaNews (
http://www.betanews.com/article/Eigh...s/1196785539)*
_________
Microsoft acknowledged the discovery of an exploitable bug in the way one of its services handles domain name resolution -- a bug it thought it fixed in 1999.
At a so-called "ethical hacker conference" in New Zealand last week, a programmer named Beau Butler revealed a method whereby a malicious user could intercept and re-route Internet traffic throughout a network, using a man-in-the-middle-attack. The method involved being able to masquerade as something called Web Proxy Auto-Discovery Protocol (WDAP), whose purpose is to automatically detect whether a system utilizes proxies for domains higher than the second level (e.g., fileforum.betanews.com).
More...