Researchers have discovered a massive internet security flaw which could affect millions of net users, prompting the largest security update in web history.
The flaw, known as “cache poisoning”, could enable hackers to attack the internet’s Domain Name System (DNS). Just as a mobile phone’s address book connects a name with a number, DNS associates a website’s name with its true numerical address. A hacker could change the numerical address that a website is associated with, so that users typing in the web address would be transferred to a site they had not intended to visit. Particularly worrying is the potential to redirect web users to phishing sites , which attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy organisation.
System operators such as Microsoft, Sun Microsystems, Red Hat and others are already issuing patches to fix the problem before hackers have a chance to exploit the glitch. “This is the largest synchronised security update in the history of the internet. The severity of this bug is shown by the number of those who are on board with the patches,” said Dan Kaminsky, an American internet security specialist who uncovered the bug.
Kaminsky has refused to disclose further details of the flaw, giving systems operators 30 days to address the issue before he reveals more. The American Computer Emergency Readiness Team (CERT) has issued an alert on the scope of the problem.
Keminsky said he stumbled across the flaw “by complete and total accident.” Smaller DNS flaws have been used to “poison” servers, but there is no evidence yet that hackers have exploited the glitch to its full extent.
“This is about the integrity of the Web, this is about the integrity of e-mail,” he said. “It’s more, but I can’t talk about how much more.”
Similar Posts: