Attack Hijacks Data Via Newer Windows Features…

Attack hijacks sensitive data using newer Windows features. Security researchers have outlined a way to hijack huge amounts of confidential network traffic by exploiting default behavior in Microsoft’s Windows operating system.

The man-in-the-middle attacks described April 4 take advantage of features added to recent versions of Windows that make it easy for computers to connect to networks using the next generation IPv6 protocol. The attack will also work against Apple’s OS X for Macs, although the proof-of-concept has not been tested on that platform, said a program manager at InfoSec Institute, an information security services company. The attack exploits an industry standard known as Stateless Address Auto Configuration (SLAAC) for allowing clients and hosts to find each other on IPv6 networks. When the next-generation addressing scheme is turned on, as it is by default in OS X, Windows Vista, Windows 7, and Server 2008, SLAAC can be used to create an unauthorized IPv6 network that reroutes data through hardware controlled by the attackers. “All these Windows boxes will default connect to the evil router instead of the legitimate router when this parasitic overlay is running,” the researcher told The Register. “If Microsoft didn’t have that configuration by default, it would negate a lot of the effects of the attack.”