Firms Tackle Security Flaw In Web Addressing System
Reality_Check©
Reality at Check.it
Thu Jul 10 04:17:40 UTC 2008
<OffshoreEddie at nospam.com> wrote in message
news:iq0b74d391qehgcps5625acah6hrig6aes at 4ax.com...
> Wow. A big one avoided. Be nice if the rest of government and
> industry had this kind of proactive attitude.
>
>
> Firms Tackle Security Flaw In Web Addressing System
>
> http://online.wsj.com/article/SB121557348238938533.html
>
> By Christopher Rhoads
> Staff Reporter
>
> A computer researcher revealed a fundamental flaw in the Internet's
> addressing system, necessitating a massive Internet security upgrade
> primarily for businesses and service providers, according to a
> division of the Department of Homeland Security.
>
> The problem makes it possible for computer hackers to reroute Internet
> traffic at will, enabling them access to sensitive and valuable
> information from businesses as well as individual users, such as
> credit-card and bank information.
>
> The matter is more serious than a typical computer virus or hack
> because rather than targeting individual computers online or specific
> software products, it undermines the inner workings of the Internet
> itself, specifically the so-called domain name system, or DNS. The
> DNS, which acts as the Internet's address book, makes it possible for
> users to connect with other computers and Web sites.
>
> "This is the largest synchronized security upgrade in the history of
> the Internet," said a statement from the Computer Security Response
> Team, or CERT, a division of Homeland Security. "An attacker could
> easily take over portions of the Internet and redirect users to
> arbitrary and malicious locations."
>
> A number of software and hardware companies, including Microsoft
> Corp., Cisco Systems Inc, and Sun Microsystems Inc., on Tuesday
> simultaneously issued software patches for their users.
>
> The flaw was discovered by accident about six months ago by security
> researcher Dan Kaminsky, prompting him to contact the U.S. government.
> The matter was kept secret so that technology vendors could first come
> up with a way to defend against the problem, which was announced
> Tuesday. Mr. Kaminsky, who works for computer security company
> IOActive Inc., said he intends to provide more details about the
> problem in 30 days, to allow companies time to upgrade their security.
More information about the bind-users
mailing list