YoVDO

MitM Attack by Name Collision - Cause Analysis and Vulnerability Assessment in the New gTLD Era

Offered By: IEEE via YouTube

Tags

Conference Talks Courses Cybersecurity Courses Root Cause Analysis Courses Web Security Courses Vulnerability Assessment Courses

Course Description

Overview

Explore a critical cybersecurity vulnerability in this 20-minute IEEE conference talk on MitM attacks through name collisions in the new gTLD era. Delve into the causes, vulnerability assessment, and potential remediation strategies for this emerging threat that exploits the Web Proxy Auto-Discovery (WPAD) protocol. Gain insights into how internal namespace query leakage can lead to automatic traffic redirection to malicious proxies. Examine the role of end-user device settings in exacerbating the problem and learn about the concept of "highly-vulnerable domains." Understand the urgent need for proactive protection measures and evaluate potential solutions at the registry, Autonomous System, and end-user levels.

Syllabus

Introduction
High Level Picture
Background
Fundamental Problem
Source of Leakage
Domain Suffix
Cause Analysis
Attack Surface Characterization
Current Registration Status
Remediation Strategies
Summary


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube