mastodon.ie

Pyrzout :vm:Forensic journey: Breaking down the UserAssist artifact structure – Source: securelist.com <a href="https://ciso2ciso.com/forensic-journey-breaking-down-the-userassist-artifact-structure-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/forensic-journey-breaking-down-the-userassist-artifact-structure-source-securelist-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Digitalforensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#Digitalforensics</a> <a href="https://social.skynetcloud.site/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#IncidentResponse</a> <a href="https://social.skynetcloud.site/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://social.skynetcloud.site/tags/Researcherstools" class="mention hashtag" rel="nofollow noopener" target="_blank">#Researcherstools</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securelistcom</a> <a href="https://social.skynetcloud.site/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunting</a> <a href="https://social.skynetcloud.site/tags/TIandIRposts" class="mention hashtag" rel="nofollow noopener" target="_blank">#TIandIRposts</a> <a href="https://social.skynetcloud.site/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#research</a> <a href="https://social.skynetcloud.site/tags/SOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#SOC</a>

Jérôme Herbinet | FLOSS♥️ Merci <a href="https://pouet.chapril.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> pour tous ces efforts que vous déployez sans relâche depuis tant d'années pour me faire détester <a href="https://pouet.chapril.org/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> (et <a href="https://pouet.chapril.org/tags/MicrosoftOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftOffice</a>, soit dit en passant) et aimer profondément GNU/Linux et les <a href="https://pouet.chapril.org/tags/LogicielsLibres" class="mention hashtag" rel="nofollow noopener" target="_blank">#LogicielsLibres</a> en général. Franchement, bravo et merci ! Continuez comme ça 👏 🔗 <a href="https://www.linkedin.com/posts/cedric-delberghe_windows11-sobriaeztaez-dsi-activity-7348584195327160321-G2Hl?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAnvbn0BKgVWNiI-qXVKW2yp0P6EwiUZ8Aw" rel="nofollow noopener" translate="no" target="_blank">https://www.linkedin.com/posts/cedric-delberghe_windows11-sobriaeztaez-dsi-activity-7348584195327160321-G2Hl?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAnvbn0BKgVWNiI-qXVKW2yp0P6EwiUZ8Aw</a>#️⃣ <a href="https://pouet.chapril.org/tags/GAFAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GAFAM</a> <a href="https://pouet.chapril.org/tags/Windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows10</a> <a href="https://pouet.chapril.org/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows11</a> <a href="https://pouet.chapril.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://pouet.chapril.org/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#FreeSoftware</a> <a href="https://pouet.chapril.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://pouet.chapril.org/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FLOSS</a> <a href="https://pouet.chapril.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://pouet.chapril.org/tags/BigTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#BigTech</a> <a href="https://pouet.chapril.org/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://pouet.chapril.org/tags/Windaube" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windaube</a>

AptiviMicrosoft outs the July 2025 security patch for Windows 11!<a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mastodon.social/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodon.social/tags/Computers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Computers</a> <a href="https://mastodon.social/tags/Laptops" class="mention hashtag" rel="nofollow noopener" target="_blank">#Laptops</a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechNews</a> <a href="https://mastodon.social/tags/TechUpdates" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechUpdates</a><a href="https://officialaptivi.wordpress.com/2025/07/09/windows-11-july-2025-patch-is-out/" rel="nofollow noopener" translate="no" target="_blank">https://officialaptivi.wordpress.com/2025/07/09/windows-11-july-2025-patch-is-out/</a>

JdeBP<a href="https://framapiaf.org/@pmevzek" class="u-url mention" rel="nofollow noopener" target="_blank">@pmevzek</a> <a href="https://mastodon.social/@Edent" class="u-url mention" rel="nofollow noopener" target="_blank">@Edent</a> <a href="https://mastodon.social/@rmbolger" class="u-url mention" rel="nofollow noopener" target="_blank">@rmbolger</a> nslookup isn't deprecated on Windows, which is what we're talking about here.<a href="https://learn.microsoft.com/en-gb/windows-server/administration/windows-commands/nslookup" rel="nofollow noopener" translate="no" target="_blank">https://learn.microsoft.com/en-gb/windows-server/administration/windows-commands/nslookup</a>Good luck finding a dig for Windows. I'm still pointing people to William Stacey's netdig, I notice. I should probably fix that, since it vanished over a decade ago, which is a shame.<a href="https://jdebp.uk/FGA/dns-diagnosis-tools.html" rel="nofollow noopener" translate="no" target="_blank">https://jdebp.uk/FGA/dns-diagnosis-tools.html</a><a href="https://mastodonapp.uk/tags/nslookup" class="mention hashtag" rel="nofollow noopener" target="_blank">#nslookup</a> <a href="https://mastodonapp.uk/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a>

Pyrzout :vm:Batavia spyware steals data from Russian organizations – Source: securelist.com <a href="https://ciso2ciso.com/batavia-spyware-steals-data-from-russian-organizations-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/batavia-spyware-steals-data-from-russian-organizations-source-securelist-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/MalwareDescriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareDescriptions</a> <a href="https://social.skynetcloud.site/tags/MalwareTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareTechnologies</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Targetedattacks</a> <a href="https://social.skynetcloud.site/tags/Windowsmalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windowsmalware</a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securelistcom</a> <a href="https://social.skynetcloud.site/tags/spearphishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#spearphishing</a> <a href="https://social.skynetcloud.site/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://social.skynetcloud.site/tags/datatheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#datatheft</a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.skynetcloud.site/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spyware</a> <a href="https://social.skynetcloud.site/tags/VBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VBS</a>

JdeBP<a href="https://mastodon.social/@Edent" class="u-url mention" rel="nofollow noopener" target="_blank">@Edent</a> It is a shame that neither> Resolve-DnsName -Name where-is-the-iss.dedyn.io -Type LOCnor> nslookup -type=loc where-is-the-iss.dedyn.iowork.Not even <a href="https://mastodon.social/@rmbolger" class="u-url mention" rel="nofollow noopener" target="_blank">@rmbolger</a> 's Resolve-Dns supports the LOC resource record type.Although I suspect that might be the Windows tool that gains support the most quickly, just for the bragging rights of being able to show an ISS LOC record in Windows when no-one else can. (-:<a href="https://mastodonapp.uk/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerShell</a> <a href="https://mastodonapp.uk/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNS</a> <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodonapp.uk/tags/nslookup" class="mention hashtag" rel="nofollow noopener" target="_blank">#nslookup</a>

Scripter :verified_flashing:Microsoft Windows: Nutzerzahlen brechen massiv ein <a href="https://www.t-online.de/digital/aktuelles/id_100799194/microsoft-windows-nutzerzahlen-brechen-massiv-ein.html" rel="nofollow noopener" translate="no" target="_blank">https://www.t-online.de/digital/aktuelles/id_100799194/microsoft-windows-nutzerzahlen-brechen-massiv-ein.html</a> <a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://social.tchncs.de/tags/Betriebssystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#Betriebssystem</a> <a href="https://social.tchncs.de/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://social.tchncs.de/tags/Nutzerzahlen" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nutzerzahlen</a>

JdeBP<a href="https://techhub.social/@zombiewarrior" class="u-url mention" rel="nofollow noopener" target="_blank">@zombiewarrior</a> <a href="https://plush.city/@kebokyo" class="u-url mention" rel="nofollow noopener" target="_blank">@kebokyo</a> <a href="https://mastodon.neilzone.co.uk/@neil" class="u-url mention" rel="nofollow noopener" target="_blank">@neil</a> If they truly did nothing, that would probably be better.What they actually do is turn the setting off where most people test it to check that it is doing what it claims, i.e. running a WWW browser or suchlike application interactively, whilst covertly leaving it on in non-interactive but pretty serious parts of the system.Until one day you fiddle with the <a href="https://mastodonapp.uk/tags/ProxyAutoConfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProxyAutoConfiguration</a> file, thinking that it's not in use, and you find that your supposedly dummy HTTP server is getting a lot of requests.<a href="https://mastodonapp.uk/@JdeBP/114696051410902443" rel="nofollow noopener" translate="no" target="_blank">https://mastodonapp.uk/@JdeBP/114696051410902443</a><a href="https://mastodonapp.uk/tags/WPAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#WPAD</a> <a href="https://mastodonapp.uk/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a>

JdeBP<a href="https://plush.city/@kebokyo" class="u-url mention" rel="nofollow noopener" target="_blank">@kebokyo</a> <a href="https://mastodon.neilzone.co.uk/@neil" class="u-url mention" rel="nofollow noopener" target="_blank">@neil</a> My biggest security concern this year wasn't anything to do with my static content servers, or even the machine they are running on, at all.It was the fact that if one turns off WWW Proxy Auto Discovery in <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> system settings, it turns out not to actually turn it off for some fairly vital things like the auto-updates for Windows and Office.Top <a href="https://mastodonapp.uk/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> tip: Act as if <a href="https://mastodonapp.uk/tags/WPAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#WPAD</a> is always on, because it turns out that it is.<a href="https://mastodonapp.uk/tags/ProxyAutoConfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProxyAutoConfiguration</a>

AptiviMicrosoft releases the June 2025 preview patch for Windows 11!<a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mastodon.social/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodon.social/tags/Computers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Computers</a> <a href="https://mastodon.social/tags/Laptops" class="mention hashtag" rel="nofollow noopener" target="_blank">#Laptops</a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechNews</a> <a href="https://mastodon.social/tags/TechUpdates" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechUpdates</a><a href="https://officialaptivi.wordpress.com/2025/06/28/windows-11-june-2025-preview-patch-is-out/" rel="nofollow noopener" translate="no" target="_blank">https://officialaptivi.wordpress.com/2025/06/28/windows-11-june-2025-preview-patch-is-out/</a>

JdeBP<a href="https://mas.to/@mroach" class="u-url mention" rel="nofollow noopener" target="_blank">@mroach</a> <a href="https://mastodon.scot/@ColinHaynes" class="u-url mention" rel="nofollow noopener" target="_blank">@ColinHaynes</a> In the meantime, Microsoft tried to ruin everyone's fun by making Windows NT 10.0 be the same version number as used by the marketing people.But it's alright. It has slipped again. Windows NT version 10.0.26100 is is not called that by the marketing people.One is not immune in the non-Microsoft world, though. Place these in the correct order:Buster Etch Forky Jessie Potato Sarge Sid Wheezy Trixie(-:<a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodonapp.uk/tags/WindowsNT" class="mention hashtag" rel="nofollow noopener" target="_blank">#WindowsNT</a> <a href="https://mastodonapp.uk/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a>

.:\dGh/:.Yes, especially when <a href="https://mastodon.social/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows11</a> decides to fuck you over and not boot... AT ALL.I'll recommend a <a href="https://mastodon.social/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mac</a> to anyone, and one good flavour of Linux to the poorer/developers ones.<a href="https://mastodon.social/tags/PC" class="mention hashtag" rel="nofollow noopener" target="_blank">#PC</a> <a href="https://mastodon.social/tags/Computer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Computer</a> <a href="https://mastodon.social/tags/Computers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Computers</a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mastodon.social/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodon.social/tags/OS" class="mention hashtag" rel="nofollow noopener" target="_blank">#OS</a>

JdeBP<a href="https://cyberplace.social/@WiteWulf" class="u-url mention" rel="nofollow noopener" target="_blank">@WiteWulf</a> Something, something, LibreOffice? (-:Children nowadays, eh?You wait until that old driver cleanout happens that Microsoft was warning about the future possibility of recently, and xe finds that suddenly the old Windows drivers for secondhand <a href="https://mastodonapp.uk/tags/Dell" class="mention hashtag" rel="nofollow noopener" target="_blank">#Dell</a> hardware aren't available, only new ones for current hardware.<a href="https://techcommunity.microsoft.com/blog/hardwaredevcenter/removal-of-unwanted-drivers-from-windows-update/4425647" rel="nofollow noopener" translate="no" target="_blank">https://techcommunity.microsoft.com/blog/hardwaredevcenter/removal-of-unwanted-drivers-from-windows-update/4425647</a><a href="https://mastodonapp.uk/tags/LibreOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#LibreOffice</a> <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a>

JdeBPMy educated first guess is that this is some side-effect on the proxy settings of Session 0 Isolation, or HKLM versus HKCU, or something.Certainly all of the session 1 programs running on the desktop as the logged-in user appear to be obeying the proxy settings shown in System Settings. The HTTP server pointed to by the PAC file isn't getting any hijacked traffic from any WWW browsers, or from Electron(-like) apps.<a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodonapp.uk/tags/WPAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#WPAD</a> <a href="https://mastodonapp.uk/tags/ProxyAutoConfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProxyAutoConfiguration</a> <a href="https://mastodonapp.uk/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

JdeBPI've run ktrace/truss on the HTTP server as the easiest way to find out what requests it was receiving, given that they're either being conveniently downgraded from HTTPS to a CONNECT over HTTP, or were in HTTP already.There is good news and there is bad news.The good news is that there's nothing particularly new amongst the URLs. Microsoft discloses a lot, but not all, of them. A couple belong to other companies, but the connections to Microsoft, Google, et al. are overt.The bad news is that these are things like certificate revocation lists from Google, other certificate information, your Microsoft account login on Windows Live, Bing Maps, Windows Defender updates, and various other stuff. And they're all vulnerable to a WPAD attack on an untrusted LAN (e.g. your favourite Internet café) that has been known about for over 20 years.And, importantly, that the system administrator *thinks is turned off*.<a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodonapp.uk/tags/WPAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#WPAD</a> <a href="https://mastodonapp.uk/tags/ProxyAutoConfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProxyAutoConfiguration</a> <a href="https://mastodonapp.uk/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Alan LewisMICROSOFT WINDOWS Mastodon PostDid anyone other than me get a really weird survey from Windows today or anytime recently?They asked the sorts of questions that might have pertained to the unstable Windows Millennium Edition a quarter century ago.I wonder what problems are being reported or anticipated.The questions gave me the idea that Windows Team members don't know what they are doing and I hardly needed to be GIVEN that idea. It was already readily apparent.: <a href="https://c.im/tags/computers" class="mention hashtag" rel="nofollow noopener" target="_blank">#computers</a> <a href="https://c.im/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoft</a> <a href="https://c.im/tags/microsoftwindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoftwindows</a> <a href="https://c.im/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows</a> <a href="https://c.im/tags/windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows10</a> <a href="https://c.im/tags/windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows11</a> <a href="https://c.im/tags/windowsme" class="mention hashtag" rel="nofollow noopener" target="_blank">#windowsme</a> <a href="https://c.im/tags/windowsos" class="mention hashtag" rel="nofollow noopener" target="_blank">#windowsos</a> :

JdeBPThe hijacking method itself isn't new, by the way. I wrote about trusting DHCP servers back in 2004. I control what my DHCP server hands out in leases, and I also control what wpad.$searchdomain on my LAN is.So it's not that this <a href="https://mastodonapp.uk/tags/WPAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#WPAD</a> hijacking is possible. It's that for some parts of <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> it is apparently impossible *to prevent* by turning off automatic proxy setup.For parts of the system that are pulling the wpad.dat file every half hour, and appear to be doing things with trust certificates, over HTTP.<a href="https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.html#Security" rel="nofollow noopener" translate="no" target="_blank">https://jdebp.uk/FGA/web-browser-auto-proxy-configuration.html#Security</a><a href="https://mastodonapp.uk/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

JdeBPThere's something inside <a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> that does not respect the system settings and *always* uses Web Proxy Auto-Discovery.I have WPAD turned off on my Windows machines, and recently fiddled with the LAN's wpad.dat thinking that nothing would be using it, making it point to a dummy proxy.The dummy proxy is currently logging a lot of repetitive HTTP requests coming in from what appear to be internal Microsoft services. I've seen digicert.com. , pki.goog. , and cdn.office.net. URLs, so far. I've tested the WWW browsers, and they're definitely respecting the system proxy settings.It's not that these requests are being made. It's that they're being routed as instructed by a PAC file where a system administrator has *turned off WPAD* because of its vulnerability to hijacking by whoever controls DHCP/proxy DNS on the LAN. I just hijacked myself. Others are probably not so lucky.<a href="https://mastodonapp.uk/tags/WPAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#WPAD</a> <a href="https://mastodonapp.uk/tags/ProxyAutoConfiguration" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProxyAutoConfiguration</a> <a href="https://mastodonapp.uk/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

JdeBP"I know a bit about Windows." I thought to myself. "I do not actually have to reboot to get this change to be recognized. I can just stop and restart the service. All of this stuff about needing to reboot all of the time is not entirely right."Of course, the SCM then goes and reports that it is unable to stop the service.Gah!<a href="https://mastodonapp.uk/tags/MicrosoftWindows" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftWindows</a> <a href="https://mastodonapp.uk/tags/ServiceControlManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#ServiceControlManager</a>

Recent searches

Search options

Administered by:

Server stats:

#microsoftwindows