[NCAP-Discuss] Update on wpad.domain.name
Warren Kumari
warren at kumari.net
Wed Feb 16 15:56:32 UTC 2022
On Wed, Feb 16, 2022 at 8:33 AM Thomas, Matthew via NCAP-Discuss <
ncap-discuss at icann.org> wrote:
> NCAP DG,
>
>
>
> I would like to provide a brief update on wpad.domain.name.
>
>
>
> Immediately after the ‘wpad.domain.name’ security threat was discovered
> in 2017, Verisign contacted D-Link[1] about their suffix search list
> misconfiguration and we have subsequently contacted them again. Verisign
> recently received a response from D-Link stating the effected devices are
> now deemed the End-of-Life/End-of-Service [2].
>
https://www.youtube.com/watch?v=IjmtVKOAHPM
> Verisign also contacted the registrar of record to enquire about its use.
> The registrar acknowledged the security threat WPAD poses, and they placed
> the domain on clientHold, which prevents the domain to resolve.
>
So, as a meta comment, I think that ICANN / NCAP / the Internet community
owes a large debt of thanks to Matt and Verisign for jumping in and helping
fix these sorts of issues. This is only one of the many that he's helped
fix for the good of the Internet.
I've previously done some similar type mitigations, and it's always a large
amount of annoying grunge work trying to reach the right people, educating
them on the issues, dealing with their grumpiness for having created extra
work for them, and then following up.
I much prefer snarking at people and companies, but Matt's doing awesome
work here.
W
>
>
> Matt Thomas
>
> Verisign
>
>
>
> [1]
> http://mm.icann.org/pipermail/gnso-newgtld-wg-wt4/2017-October/000187.html
>
> [2]
> https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10268
>
>
> _______________________________________________
> NCAP-Discuss mailing list
> NCAP-Discuss at icann.org
> https://mm.icann.org/mailman/listinfo/ncap-discuss
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
-- E. W. Dijkstra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220216/b8b84f4c/attachment.html>
More information about the NCAP-Discuss
mailing list