Kiwicon hacker demo exposes serious Windows flaw
Hole could allow millions of PCs to be hijacked
By Computerworld staff, Auckland | Monday, 26 November, 2007
A demonstration at the
Kiwicon hacker conference
in Wellington earlier this month has exposed a serious Windows security flaw.
The Age
newspaper, in Melbourne,
reports
the flaw forced Microsoft engineers to work furiously through the US Thanksgiving holiday to develop a fix. It was discovered by New Zealand-based ethical hacker Beau Butler.
"This whole presentation came about from me telling a story to a bunch of my computer security friends down the pub one night," Butler told
The Age
. "They basically said, 'You're going to have to step up and talk about that'."
Butler found that 160,000 computers in New Zealand alone were vulnerable, and could have been hijacked. Computers in the US were not vulnerable.
Butler notified Microsoft of the issue and
The Age
held back on publication until after the fix was delivered.
The security issue was with Windows Proxy Autodiscovery (WPAD) functionality.