Researchers demo new IPv6 attack against Windows 8 PCs
Researchers at Neohapsis Labs have discovered an ingeniously simple man-in-the-middle attack that can hijack the IPv6 capability of a PC to silently intercept all web traffic on a target network.
Due for full disclosure at the DEF CON 21 conference, the attack's design isn't new - the similar Stateless Address Auto Configuration (SLAAC) principle was demonstrated at Infosec in 2011 - but extends it to Windows 8 segments for the first time.
Assuming only an available IPv4 address on the network, the team were able to use a 'Sudden Six' script run from a Linux host to rapidly insert the system as a rogue IPv6 router. This IPv6 overlay was able to intercept all traffic travelling through it, which is to say all traffic on that network.