DrBill.TV #497 – Video – The Old Tech Dies, New Tech Lives Edition!

The 2021 Blackmagic Design Event rollout of new tech, new 4K Studio Cameras, and more! Meanwhile old tech is dying! 1st Gen Kindles will be bricked by year’s end, and what ‘old tech’ is being removed from Windows 11? (Jul 29, 2021)

00:00 Intro
04:50 Older Kindles will soon be bricked, no more ‘Whispernet’
06:44 The Blackmagic Design Live New Tech Event
12:16 The ‘old tech’ that is being removed from Windows for Windows 11
16:12 Sign-off

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

BitChute Referral

www.DrBill.TV/VPN

www.DrBill.TV/Linode



You may also watch the Dr. Bill.TV Show on these services!

 

Dr. Bill.TV on YouTube Dr. Bill.TV on BitChute Dr. Bill.TV on Odysee Dr. Bill.TV on Rumble Dr. Bill.TV on Vimeo

 


DrBill.TV #497 – Audio – The Old Tech Dies, New Tech Lives Edition!

What “Old Tech” is Missing From Windows 11?

Everything You’ll Lose From Windows 10 When You Upgrade to Windows 11

Gizmodo – By: David Nield – “Windows 11 is on the way, and it’s going to bring with it a new look, new colors, and new features when it becomes available later in the year. But not everything that’s currently in Windows 10 is going to survive the upgrade.

Expect a few additions and subtractions in terms of features between now and the public rollout of Windows 11, but here’s everything that will get lost along the way that we know about so far.

Internet Explorer
What’s that? You thought it had been killed off already? It’s actually still available in Windows 10, if you dig deep enough, but all traces of Internet Explorer are going to be removed in Windows 11, with Microsoft Edge replacing it. For those really, really old legacy apps and sites you still need access to for whatever reason, use the IE mode in Edge.

Timeline
You may have never used Timeline, which is perhaps one of the reasons it’s going away with the arrival of Windows 11. The feature lets you sync your activity across multiple Windows computers over the last 30 days (files you’ve opened, websites you’ve visited, etc.), making it easier to jump between devices logged in with the same Microsoft account.

Live Tiles
Developers didn’t really embrace the Live Tiles feature on the Windows 10 Start menu, which enables different snippets of information to be shown and updated in real time. If you think that sounds a lot like widgets, you’d be right. But Microsoft is going to try and bring back desktop widgets with Windows 11, so let’s hope they work better than Live Tiles.

Start Menu Groups
Another feature pulled from the Start menu is the ability for users to group tiles together and name them: productivity, writing, games, or whatever. The layout of the Start menu won’t be resizable either, so it sounds as though Microsoft wants to make the Start menu experience much the same for everyone (as well as move it into the center of the screen).

Quick Status
In Windows 10, applications can leave little blocks of information on the lock screen to remind you about incoming emails, upcoming calendar appointments, etc. This functionality, called Quick Status, won’t be available to programs when Windows 11 arrives—although it’s possible that widgets (see above) will take up some of the slack.

Taskbar Location
Speaking of cutting out customizations, the taskbar can only be in one place in Windows 11: at the bottom of the screen. You might have never realized it, but you can position the taskbar on the left, on the right, or even at the top of the screen in Windows 10. If you like making those sorts of tweaks in your operating system, you’re going to be out of luck.

Tablet Mode
Windows 10 actually does a decent job of working on both tablets like the Surface Pro and full desktop or laptop computers, but Windows 11 won’t include a dedicated mode for tablet devices. Instead, this functionality will be reconfigured, and some of it will happen automatically (like when you attach or detach a Bluetooth keyboard, for example).

Cortana
Microsoft’s digital assistant isn’t getting pulled from Windows 11 entirely, but it will be gone from the setup process, and it will no longer be pinned to the taskbar. It’s unclear what Microsoft has planned for Cortana, but based on the features that have been added to it over the last year or so, it might get repositioned as a business tool.

Windows S Mode
This is another feature that isn’t completely going away, but you’ll see less of it: S Mode, which only allows apps from the official Microsoft Store to be installed in order to improve performance and security, is only going to be an option in Windows 11 Home edition. At the moment you can get Windows 10 Home and Windows 10 Pro with S Mode enabled.

Skype
Skype will still be available in Windows 11, but the new and updated OS won’t include it as an integrated component in the same way that Windows 10 does. That’s because Microsoft is now focused on Teams as the answer to all your communication needs, including video—get ready for a lot of tight Teams integrations in the final Windows 11 experience.”

Blackmagic Design Event Launches New 4K Studio Cameras!

Blackmagic Design 4K Studio Cameras


Today, I watched the Blackmagic Studio event live on YouTube. It was awesome! There were a lot of great equipment revelations, but my attention was on the new studio cameras! One is designed specifically for what I like to think of as “church video,” as I recommend equipment to a lot of churches. If you already use a Blackmagic Design ATEM Mini, or Mini Pro, these cameras are perfect! Specifically this one:

Blackmagic Studio Camera 4K Plus
“Designed as the perfect studio camera for ATEM Mini, this model has a 4K sensor up to 25,600 ISO, MFT lens mount, HDMI out, 7″ LCD with sunshade, built-in color correction and recording to USB disks.”

Then, if you want to go the full, professional, SDI cable route, and get all the “bells and whistles”, there is this one:

Blackmagic Studio Camera 4K Pro
“Designed for professional SDI or HDMI switchers, you get all the features of the Plus model, as well as 12G-SDI, professional XLR audio, brighter HDR LCD, 5 pin talkback and 10G Ethernet IP.”

Designed for Live Production
“While Blackmagic Studio Camera is designed for live production, it’s not limited to use with a live switcher! That’s because it records Blackmagic RAW to USB disks, so it can be used in any situation where you use a tripod! The large 7″ viewfinder makes it perfect for work such as chat shows, television production, broadcast news, sports, education, conference presentations and even weddings! The large bright display with side handles, touch screen and physical controls makes it easy to track shots while being comfortable to use for long periods of time. Because it’s so lightweight, it’s perfect when you’re constantly changing locations and doing different kinds of work.”

Revolutionary Studio Camera Design
“Large broadcasters use expensive studio cameras that are extremely large, so they’re not very portable. The distinctive Blackmagic Studio Camera has all the benefits of a large studio camera because it’s a combination of camera and viewfinder all in a single compact design. It features a lightweight carbon fiber reinforced polycarbonate body with innovative technology in a miniaturized design. The camera is designed for live production so it’s easy to track and frame shots with its large 7″ viewfinder. The touchscreen has menus for camera settings, and there’s knobs for brightness, contrast and focus peaking. Plus a tripod mount with mounting plate is included for fast setup!”

Exceptional Low Light Performance
“In advanced cameras, ISO is a measurement of the image sensor’s sensitivity to light. This means the higher the ISO the more gain can be added so it’s possible to shoot in natural light, or even at night! The Blackmagic Studio Camera features gain from -12dB (100 ISO) up to +36dB (25,600 ISO) so it’s optimized to reduce grain and noise in images, while maintaining the full dynamic range of the sensor. The primary native ISO is 400, which is ideal for use under studio lighting. Then the secondary high base ISO of 3200 is perfect when shooting in dimly lit environments. The gain can be set from the camera, or remotely from a switcher using the SDI or Ethernet remote camera control.”

Get Cinematic Images in Live Production!
“The amazing 4K sensor combined with Blackmagic generation 5 color science gives you the same imaging technology used in digital film cameras. That means you can now use cinematic images for live production! Plus, when combined with the built in DaVinci Resolve primary color corrector you get much better images than simple broadcast cameras. The color corrector can even be controlled from the switcher. With 13 stops of dynamic range, the camera has darker blacks and brighter whites, perfect for color correction. The sensor features a resolution of 4096 x 2160 which is great for both HD and Ultra HD work. Plus, all models support from 23.98 fps up to 60 fps.”

Affordable Photographic Lenses!
“With the popular MFT lens mount, Blackmagic Studio Cameras are compatible with a wide range of affordable photographic lenses. Photographic lenses are incredible quality because they’re designed for use in high resolution photography. Plus, the active lens mount lets you adjust the lens remotely! To eliminate the need to reach around to adjust the lens zoom and focus, the optional focus and zoom demands let you adjust the lens from the tripod handles just like a large studio camera! This means you avoid camera shake when adjusting the lens, so you can track shots and operate the camera without taking your hands off the tripod! It gives you the same feel as an expensive B4 broadcast lens!”

Frame Shots with Large 7″ Viewfinder
“The large 7″ high resolution screen will totally transform how you work with the camera because it’s big enough to make framing shots much easier. The Pro model features a HDR display with extremely high brightness, perfect outdoors in sunlight! On screen overlays show status and record parameters, histogram, focus peaking indicators, levels, frame guides and more. You can even apply 3D LUTs for monitoring shots with the desired color and look. The touchscreen also has menus and you can load and customize presets for different jobs. The included sun shade can be folded to protect the screen for transport plus it’s compatible with sun shades from the Blackmagic Studio Viewfinder!”

Physical and Touchscreen Controls
“Blackmagic Studio Cameras feature physical buttons and knobs as well as controls on the touchscreen. Knobs on the right side of the camera allow adjusting of the brightness, contrast and focus peaking. The focus peaking knob is incredibly useful as it lets you fine tune the detail highlight so you can get perfect focus as you zoom. The 3 function buttons on the left can have functions assigned to them, such as zebra, false color, focus peaking, LUTs and more! Plus you can change the function assigned to each button in the menus. The touchscreen also includes a heads up display with the most important shooting information, as well as menus for all camera settings, LUTs and custom presets.”

Built-in Tally for On Air Status
“Blackmagic Studio Cameras feature a very large tally light that illuminates red for on air, green for preview and orange for ISO recording. The tally light also includes clip on transparent camera numbers, so it’s easy for talent to see camera numbers from up to 20 feet away! The Blackmagic Studio cameras support the SDI tally standard used on all ATEM live production switchers and the HDMI tally used on ATEM Mini switchers. This means that a director can cut between cameras and the tally information will be sent back to the cameras via the SDI program return feed, lighting up the tally light on the camera whenever it’s on air. SDI tally eliminates complex wiring so job setup is faster.”

Communicate with the Director via Talkback
“Unlike consumer cameras, the Blackmagic Studio Camera 4K Pro model has SDI connections that include talkback so the switcher operator can communicate with cameras during live events. That means the director can talk to the camera operators to guide shot selection, eliminating the problem where all cameras could have the same shot, at the same time! The talkback connector is built into the side of the camera and supports standard 5 pin XLR broadcast headsets. Talkback uses audio channels 15 and 16 in the SDI connection between the camera and the switcher, and in the program return from the switcher to the camera. This means any embedded SDI audio device can work with talkback!”

Powerful Broadcast Connections
“Blackmagic Studio cameras have lots of connections for connecting to both consumer and broadcast equipment. All models feature HDMI with tally, camera control and record trigger, so are perfect for ATEM Mini switchers! You also get headphone and mic connections, and 2 USB-C expansion ports. The advanced Blackmagic Studio Camera 4K Pro model is designed for broadcast workflows so has 12G-SDI, 10GBASE-T Ethernet, talkback and balanced XLR audio inputs. The 10G Ethernet allows all video, tally, talkback and camera power via a single connection, so setup is much faster! That’s just like a SMPTE fiber workflow, but using standard Category 6A copper Ethernet cable so it’s much lower cost.”

The “Plus” is priced at $1295, while the “Pro” is priced at $1795.

Older Kindles Will Soon Lose Their Internet Connections

Slashdot – Posted by BeauHD – “The change is due to mobile carriers transitioning from older 2G and 3G networking technology to newer 4G and 5G networks. For older Kindles without Wi-Fi, this change could mean not connecting to the internet at all. As Good e-Reader first noted in June, newer Kindle devices with 4G support should be fine, but for older devices that shipped with support for 3G and Wi-Fi like the Kindle Keyboard (3rd generation), Kindle Touch (4th generation), Kindle Paperwhite (4th, 5th, 6th, and 7th generation), Kindle Voyage (7th generation), and Kindle Oasis (8th generation), users will be stuck with Wi-Fi only. In its email announcement, Amazon stresses that you can still enjoy the content you already own and have downloaded on these devices, you just won’t be able to download new books from the Kindle Store unless you’re doing it over Wi-Fi.

Things get more complicated for Amazon’s older Kindles, like the Kindle (1st and 2nd generation), and the Kindle DX (2nd generation). Since those devices relied solely on 2G or 3G internet connectivity, once the networks are shut down, the only way to get new content onto your device will be through an old-fashioned micro-USB cable. For customers affected by the shutdown, Amazon is offering a modest promotional credit (NEWKINDLE50) through August 15th for $50 towards a new Kindle Paperwhite or Kindle Oasis, along with $15 in-store credit for ebooks. While arguably the company could do more to help affected customers (perhaps by replacing older devices entirely) this issue is largely out of Amazon’s hands.”

DrBill.TV #496 – Video – The Elgato Event Plus Your Network Security with Pi-Hole Edition!

The 2021 Elgato Streaming Event, new Amazon FireTV interface, Pi-Hole DNS re-direct for security, the WPAD vulnerability, GSotW: Signal Secure SMS Client, Microsoft Windows 365 Desktop-in-the-Cloud, plus the usual silliness! (Jul 17, 2021)

00:00 Intro
04:22 The 2021 Elgato Streaming Device Showcase Event
07:14 Amazon FireTV new interface
07:44 Microsoft Windows 365 Cloud-PC
09:34 Implementing Pi-Hole and finding several surprises!
25:49 Geek Software of the Week: Signal Secure Encrypted SMS Client
29:38 Sign-off


DrBill.TV #496 – Audio – The Elgato Event Plus Your Network Security with Pi-Hole Edition!

Microsoft Announces Windows 365 – A Cloud PC for Business

Some virtualization and Cloud Computing news: Microsoft is starting to offer Windows 10 in the Cloud (actually just a “re-branding” of their “Cloud PC”). It will offer desktops that business customers can subscribe to; nothing for the regular consumer, of course.

Microsoft unveils Windows 365, a Windows 10 PC in the cloud

Engadget – By: D. Hardawar – “Windows 365, a new service announced today at the Microsoft Inspire conference, is basically an unintentional riff on the Yo Dawg meme: Microsoft put Windows in the cloud so you can run a Windows computer while you’re running your computer. You can just call it a Cloud PC, as Microsoft does. It’s basically an easy-to-use virtual machine that lets you hop into your own Windows 10 (and eventually Windows 11) installation on any device, be it a Mac, iPad, Linux device or Android tablet. Xzibit would be proud.

While Windows 365 doesn’t come completely out of nowhere — rumors about some kind of Microsoft cloud PC effort have been swirling for months — its full scope is still surprising. It builds on Microsoft’s Azure Virtual Desktop service, which lets tech-savvy folks also spin up their own virtual PCs, but it makes the entire process of managing a Windows installation in a far-off server far simpler. You just need to head to Windows365.com when it launches on August 2nd (that domain isn’t yet live), choose a virtual machine configuration, and you’ll be up and running. (Unfortunately, we don’t yet know how much the service is going to cost, but Microsoft says it will reveal final pricing on August 1st.)

Windows 365 likely isn’t going to mean much for most consumers, but it could be life-changing for IT departments and small businesses. Now, instead of managing local Windows installations on pricey notebooks, IT folks can get by with simpler hardware that taps into a scalable cloud. Windows 365 installations will be configurable with up to eight virtual CPUs, 16GB of RAM and 512GB of storage at the time of launch. Microsoft is also exploring ways to bring in dedicated GPU power for more demanding users, Scott Manchester, the director of Program Management for Windows 365, tells us.

Smaller businesses, meanwhile, could set up Windows 365 instances for their handful of employees to use on shared devices. And instead of lugging a work device home, every Windows 365 user can securely hop back into their virtual desktops from their home PCs or tablets via the web or Microsoft’s Remote Desktop app. During a brief demo of Windows 365, running apps and browsing the web didn’t seem that different than a local PC. It’s also fast enough to stream video without any noticeable artifacts, Manchester says. (Microsoft is also using technology that can render streaming video on a local machine, which it eventually passes over to your Cloud PC.) You’ll also be able to roll back your Cloud PC to previous states, which should be helpful if you ever accidentally delete important files.

While the idea for Windows 365 came long before the pandemic, Microsoft workers spent the last year learning first-hand how useful a Cloud PC could be. They used a tool meant for hybrid work — where you can easily switch between working in an office or remotely — while stuck at home during the pandemic.

But why develop Windows 365 when Azure Virtual Desktop already exists? Manchester tells us that Microsoft noticed a whopping 80 percent of AVD customers were relying on third-party vendors to help manage their installations. “Ultimately, they were looking for Microsoft to be a one-stop-shop for them to get all the services they need to,” he said.

That statistic isn’t very surprising. Virtualizing operating systems has been a useful local tool for developers over the last few decades, but it’s typically been a bit too difficult for mainstream users to manage on their own. And even though a tool like Azure Virtual Desktop brought it to the cloud (Manchester assures us that’s not going anywhere either), it’s even more difficult to manage.

One thing Windows 365 doesn’t mean, at least at this point, is the end of traditional computers. ‘I think we’ll still continue to have great client PC experiences,’ said Melissa Grant, director of Product Marketing for Windows 365, in an interview. ‘You know we have a relationship with our laptops. It is our sort of home and hub for our computing experience. What we want to offer with Windows 365 is the ability to have that same familiar and consistent Windows experience across other devices.'”

Geek Software of the Week: Signal SMS Client!

Speaking of security and privacy… that applies to your phone as well! This SMS (text messages) client is awesome! Not only can you use it for encrypted, secure texts on your smartphone, you can use the Windows client to send and receive texts while working on your PC! Protect yourself with Signal!

Signal Secure SMS Client

“Speak Freely
Say “hello” to a different messaging experience. An unexpected focus on privacy, combined with all of the features you expect.

Share Without Insecurity
State-of-the-art end-to-end encryption (powered by the open source Signal Protocol) keeps your conversations secure. We can’t read your messages or listen to your calls, and no one else can either. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.

Say Anything
Share text, voice messages, photos, videos, GIFs and files for free. Signal uses your phone’s data connection so you can avoid SMS and MMS fees.

Speak Freely
Make crystal-clear voice and video calls to people who live across town, or across the ocean, with no long-distance charges.

Make Privacy Stick
Add a new layer of expression to your conversations with encrypted stickers. You can also create and share your own sticker packs.

Get Together with Groups
Group chats make it easy to stay connected to your family, friends, and coworkers.

No ads. No trackers. No kidding.
There are no ads, no affiliate marketers, and no creepy tracking in Signal. So focus on sharing the moments that matter with the people who matter to you.

Free for Everyone
Signal is an independent nonprofit. We’re not tied to any major tech companies, and we can never be acquired by one either. Development is supported by grants and donations from people like you.”

The WPAD Vulnerability I Discovered After Installing Pi-Hole!

So, if you have your own internal LAN, and if you set up your domain extension to meld with your web-site (which I do), and you install Pi-Hole… you get a surprise! The number one blocked site that first day I set up Pi-Hole was a site that was getting a lot of referrals, and that was “wpad.drbillbailey.net”! Wha….?!?!? There is no “wpad.drbillbailey.net”! So, I found this article:

When domain names attack: the WPAD name collision vulnerability

Naked Security by Sophos – By: Mark Stockley – “A combination of poorly configured networks and new rules on internet domain names are giving cybercriminals a new and easy way to attack entire organizations, according to research out of the University of Michigan.

The vulnerability, described by US-CERT (the United States Computer Emergency Readiness Team) in alert TA16-144A issued 23 May 2016, affects computers that are using WPAD.

WPAD is short for Web Proxy Autodiscovery Protocol, a system that makes it easy for organizations to configure the many web browsers inside their network.

WPAD is supposed to find its browser configuration files on the internal network, but wily attackers may be able to trick WPAD into downloading booby-trapped versions of those configuration files from the public internet instead.

Worse still, if you use a work computer at home, and WPAD is enabled, you may very well end up searching for your browser configuration on the open internet every time, simply because your work network isn’t visible.

And WPAD very often is enabled, as US-CERT points out:

WPAD is enabled by default on all Microsoft Windows operating systems and Internet Explorer browsers. WPAD is supported but not enabled by default on Mac and Linux-based operating systems, as well as, Safari, Chrome, and Firefox browsers.

WPAD explained

Organizations typically allow access to the web through intermediary servers called proxies to improve performance, monitoring and security.

But that creates a “chicken-and-egg” problem: how to tell the browsers inside the network which proxy server to use in order to get web access in the first place?

The easiest way to answer that question is with a configuration file called a PAC (proxy auto-config) file that sets the browser up automatically.

So, before it can find the proxy server, a web browser needs to know: where’s the PAC file?

And that’s where WPAD comes in – a WPAD-enabled browser will automatically look for a PAC file called wpad.dat on the local network.

The browser works out where to look by using the network name of the computer it’s on. A browser on a computer with the network name computer.team.division.company.example would look in the following locations, in order:

wpad.team.division.company.example/wpad.dat
wpad.division.company.example/wpad.dat
wpad.company.example/wpad.dat

The .company.example domain is private to the organization’s network and DNS lookups for *.company.example domains are supposed to be answered by the organization’s own DNS servers.

Unfortunately it doesn’t always work out that way.

If a web browser finds itself on another network, one where the DNS servers don’t know how to respond to queries for .company.example, those queries may be escalated to public DNS servers.

According to US-CERT:

The WPAD vulnerability is significant to corporate assets such as laptops. In some cases these assets are vulnerable even while at work but observations indicate that most assets become vulnerable when used outside an internal network (e.g. home networks, public Wi-Fi networks).

It’s a data leak that happens a lot, according to the University of Michigan:

in two of 13 DNS root servers, roughly 20 million such queries are observed to be leaking to the public DNS namespace every day. This has been a known problem for years but … were not exploitable previously.

This is dangerous because if attackers were able to purchase the domain name .company.example they could put up a website at wpad.company.example and publish their own PAC file that tells browsers to use the attacker’s proxy server.

The attacker would then have a grandstand seat from which to spy on all the web traffic passing to and from that browser, extracting personal data or confidential company information and injecting malware or ads.

WPAD data leakage has been going on for years but some companies have avoided trouble in spite of their poor network configuration because in private they use their own, official top-level domain name, like .example.com, or a made-up top-level domain like .company.test that won’t work on the public internet and isn’t for sale.

The problem is that a recent change in the way that global top-level domains (gTLDs) work is changing that.

How the gTLD project made it worse

Global top-level domains include names that don’t denote any geographical region, such as .com, .org and .net.

In the beginning, the internet had just 7 gTLDs and the number grew very sedately until 2011, by which time there were 22.

But in 2012 ICANN (the Internet Corporation for Assigned Names and Numbers) threw the doors open and started taking applications for the creation of brand new gTLDs and today there are more than 700 of them.

The expanded crop of gTLDs includes everything from .ninja to .city and a number of things that companies might plausibly use internally such as .office, .network, .global and .group.

Domain names that once kept companies immune from WPAD data leakage, because they only worked inside the company, are starting to work outside the company too – and they’re up for sale.

Organizations can no longer assume that the domain names they made up for their private DNS won’t work on the internet, so the problem of WPAD data leakage has become a genuine vulnerability.

The researchers at the University of Michigan have shown that WPAD attacks are possible and practical but not widely exploited:

We find that even though some attack surface domains have already been registered, the overall registration and exploitation status are still in the early stage, indicating that proactive protection strategies are still feasible.

US-CERT recommends that administrators take the following steps to mitigate this vulnerability:

  • Consider disabling automatic proxy discovery/configuration in browsers and operating systems when you set up a device that will not be used on internal networks.
  • Consider using a fully qualified domain name (FQDN) from global DNS as the root for enterprise and other internal namespace.
  • Configure internal DNS servers to respond authoritatively to internal TLD queries.
  • Configure firewalls and proxies to log and block outbound requests for wpad.dat files.
  • Identify expected WPAD network traffic and monitor the public namespace or consider registering domains defensively to avoid future name collisions.
  • File a report with ICANN if your system is suffering demonstrably severe harm as a consequence of name collision by visiting.
  • One more suggestion from us: don’t make up domain names, not even (perhaps especially) for testing or documentation.”
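
To check your own network for the behavior described above, here is an added example (not code from the quoted article or from Pi-Hole). It builds the WPAD lookup list for a host name the way the article lists it, then audits a DNS query log for wpad.* lookups and reports which ones were forwarded to an upstream resolver instead of being answered or blocked locally. The log lines are constructed samples in dnsmasq style, and the function names, client addresses and the two-label stopping point are assumptions.

```python
import re

# Constructed sample lines in dnsmasq style (the resolver Pi-Hole logs through).
# Client and upstream addresses are made up for the example.
SAMPLE_LOG = """\
Jul 17 09:34:01 dnsmasq[812]: query[A] wpad.drbillbailey.net from 192.168.1.23
Jul 17 09:34:01 dnsmasq[812]: gravity blocked wpad.drbillbailey.net is 0.0.0.0
Jul 17 09:34:07 dnsmasq[812]: query[A] wpad.corp.example from 192.168.1.40
Jul 17 09:34:07 dnsmasq[812]: forwarded wpad.corp.example to 192.0.2.53
Jul 17 09:35:12 dnsmasq[812]: query[AAAA] wpad.drbillbailey.net from 192.168.1.31
Jul 17 09:35:12 dnsmasq[812]: gravity blocked wpad.drbillbailey.net is ::
Jul 17 09:35:30 dnsmasq[812]: query[A] www.example.org from 192.168.1.23
Jul 17 09:35:30 dnsmasq[812]: forwarded www.example.org to 192.0.2.53
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")
FORWARD_RE = re.compile(r"forwarded\s+(?P<name>\S+)\s+to\s+(?P<upstream>\S+)")


def wpad_candidates(fqdn, min_labels=2):
    """Names a WPAD client tries for this host, most specific first.

    Follows the listing in the article: drop the host label, then walk up
    one label at a time. Stopping at two labels is an assumption that
    matches the article's example; real clients differ in where they stop.
    """
    parents = fqdn.strip(".").lower().split(".")[1:]
    names = []
    while len(parents) >= min_labels:
        names.append("wpad." + ".".join(parents))
        parents = parents[1:]
    return names


def _norm(name):
    return name.lower().rstrip(".")


def is_wpad_name(name):
    """True when the left-most label is 'wpad'."""
    return _norm(name).split(".")[0] == "wpad"


def audit_wpad(log_lines):
    """Collect wpad.* lookups: who asked, how often, and where they were sent."""
    report = {}
    for line in log_lines:
        query = QUERY_RE.search(line)
        if query and is_wpad_name(query["name"]):
            entry = report.setdefault(
                _norm(query["name"]),
                {"clients": set(), "queries": 0, "forwarded_to": set()},
            )
            entry["clients"].add(query["client"])
            entry["queries"] += 1
            continue
        forward = FORWARD_RE.search(line)
        if forward and is_wpad_name(forward["name"]):
            entry = report.setdefault(
                _norm(forward["name"]),
                {"clients": set(), "queries": 0, "forwarded_to": set()},
            )
            entry["forwarded_to"].add(forward["upstream"])
    return report


def leaked_names(report):
    """wpad.* names that left the local resolver (candidates for blocking)."""
    return sorted(name for name, entry in report.items() if entry["forwarded_to"])


def leaks_for_host(report, fqdn):
    """Subset of a host's WPAD candidate names that were forwarded upstream."""
    leaked = set(leaked_names(report))
    return [name for name in wpad_candidates(fqdn) if name in leaked]


if __name__ == "__main__":
    report = audit_wpad(SAMPLE_LOG.splitlines())
    for name, entry in sorted(report.items()):
        status = "FORWARDED UPSTREAM" if entry["forwarded_to"] else "kept local"
        print(f"{name}: {entry['queries']} queries from "
              f"{sorted(entry['clients'])} -> {status}")
```

Any name in the forwarded list is one to block or answer authoritatively on the local resolver, and the clients that asked for it are the machines with automatic proxy discovery still switched on.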