LEADING THE INTERNET WITH TECHNOLOGY DEVELOPMENT
MitM Attack by Name Collision: Cause Analysis and WPAD Vulnerability Assessment in the New gTLD Era. Man in the Middle (MitM) attacks on web browsing have become easier than they have ever been before because of a problem called “Name Collision” and a protocol called the Web Proxy Auto-Discovery (WPAD) protocol. This name collision attack can cause all web traffic of an internet user to be redirected to a MitM proxy automatically right after the launching of a standard browser. The underlying problem of this attack is internal namespace WPAD query leakage, which itself is a known problem for years. However, it remains understudied since it was not easily exploitable before the recent new gTLD delegation.
In this paper, researchers from Verisign Labs and the University of Michigan focus on this newly exposed MitM attack vector and perform the first systematic study of the underlying problem causes and its vulnerability status in the wild.
Registration Data Access Protocol (RDAP)
A new protocol was designed from the ground-up to address the limitations of WHOIS. That protocol is known as the Registration Data Access Protocol, or RDAP. Verisign Labs has been actively involved with the Internet Engineering Task Force (IETF) and ICANN efforts to support RDAP standardization and adoption.