Web-Proxy Auto Discovery Considered Harmful

Dan Goodin from ArsTechnica recently brought to light the subject of one of the talks from this year’s BlackHat conference: Crippling HTTPS With Unholy PAC. Although the conference will be carried out in the next few days, the abstract for the talk gives enough information to know what’s going on: due to the way proxy automatic configuration (PAC) works, protected information may be leaked to observers, even when HTTPS is used. We’ll talk about why you should care and what to do about it.