Tags: hackers | internet | flaw

Hackers Get Hold of Critical Internet Flaw

Friday, 25 Jul 2008 10:58 AM

Share:
  Comment  |
   Contact Us  |
  Print  
|  A   A  
  Copy Shortlink

Internet security researchers on Thursday warned that hackers have caught on to a "critical" flaw that lets them control traffic on the Internet.

An elite squad of computer industry engineers that labored in secret to solve the problem released a software "patch" two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks.

"We are in a lot of trouble," said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.

"This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please," Kaminsky said. "This is a big deal."

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

The vulnerability allows "cache poisoning" attacks that tinker with data stored in computer memory caches that relay Internet traffic to its destination.

Attackers could use the vulnerability to route Internet users wherever the hackers wanted, no matter what website address is typed into a web browser.

The threat is greatest for business computers handling online traffic or hosting websites, according to security researchers.

The flaw is a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.

"I was not intentionally seeking to cause anything that could break the Internet," Kaminsky said Thursday during a conference call with peers and media. "It's a little weird to talk about it out loud."

Kaminsky built a web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability. As of Thursday, slightly more than half the computers tested at the website still needed to be patched.

"People are spending tens of thousands of hours getting this patch out the door," Kaminsky said.

The US Computer Emergency Readiness Team (CERT), a joint government-private sector security partnership, is among the chorus urging people to quickly protect computers linked to the Internet.

"Just like you should wear a seat belt going down the road to be safe in a car accident, the same applies here," said Jerry Dixon, a former director of cyber security at the US Department of Homeland Security.

"The patch is your seat belt. The exploit is out there and you definitely need to take precautions. Now is not the time to keep waiting."

Two "exploits," software snippets that take advantage of the vulnerability, have been unleashed on the Internet in the past 24 hours, Securosis analyst Rich Mogul said during the conference call.

"The threat is there," Mogul said.

— AFP

-

Share:
  Comment  |
   Contact Us  |
  Print  
  Copy Shortlink
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
 
Email:
Country
Zip Code:
Privacy: We never share your email.
 
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
Around the Web
Top Stories
You May Also Like

Report: North Korea's Leader Missing for a Month Due to Surgery

Tuesday, 30 Sep 2014 07:49 AM

North Korean leader Kim Jong Un has been hospitalized after surgery on both ankles earlier this month, a South Korean ne . . .

Cruz, Perry, Huckabee, Jindal Mobilize Christian Vote for Midterms

Tuesday, 30 Sep 2014 07:41 AM

A number of possible GOP presidential candidates have recorded radio ads urging conservative Christians to vote in Novem . . .

Secret Service Head Faces Grilling on White House Breach

Tuesday, 30 Sep 2014 07:36 AM

Most Washington scandals that end up on Capitol Hill tend to end the same way: with an apology.Secret Service Director J . . .

Most Commented

Newsmax, Moneynews, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, NewsmaxWorld, NewsmaxHealth, are trademarks of Newsmax Media, Inc.

 
NEWSMAX.COM
America's News Page
©  Newsmax Media, Inc.
All Rights Reserved