chris
Top Contributor
I came across this a few days ago, it's not a widely exploited vulnerability but still interesting stuff:
https://nakedsecurity.sophos.com/20...attack-the-wpad-name-collision-vulnerability/
It talks about browser compatibility, but there are still a lot of systems that are yet to recognise the new gTLDs.
The expanded crop of gTLDs includes everything from .ninja to .city and a number of things that companies might plausibly use internally such as .office, .network, .global and .group.
Domain names that once kept companies immune from WPAD data leakage, because they only worked inside the company, are starting to work outside the company too – and they’re up for sale.
Organisations can no longer assume that the domain names they made up for their private DNS won’t work on the internet, so the problem of WPAD data leakage has become a genuine vulnerability.
https://nakedsecurity.sophos.com/20...attack-the-wpad-name-collision-vulnerability/
It talks about browser compatibility, but there are still a lot of systems that are yet to recognise the new gTLDs.