[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

‘Knucklehead’: Tim Walz returns to Minnesota ‘defeated' Study Confirms the Awesome Destructive Power of Sugar in Utero Originally published via Armageddon Prose: Ukraine mobilizing mentally challenged and deaf people lawmaker COL. Douglas Macgregor : Trump and Netanyahu At Crossroads .': Parisians Revolt Against Israeli Minister's Visit As Riots Grip Amsterdam US Confirms Israel Will Face No Consequences for Not Improving Aid Situation in Gaza Judge rules AstraZeneca, other COVID jab makers NOT immune from injury claims for breach of contract Israel knew October 7th was going to happen One of the World’s Richest Men is Moving to America After Trump’s Landslide Victory Taiwan has a better voting system than America Donald Trump on Tuesday nominated veteran, author, and Fox News host Pete Hegseth as the Secretary of Defense "Warrior For Truth & Honesty" - Trump Names John Ratcliffe As CIA Director "The Manhattan Project" Of Our Time: Musk And Vivek Ramaswamy To Head Department Of Government Efficiency (DOGE) Trump, Rogan and French Fries at MsDonalds President Trump wants a 10% cap on all credit card interest rates Senator Ted Cruz STUNS the Entire Congress With This POWERFUL Speech (On the Border) Kash Patel, Trump’s top choice for CIA Director, wants to immediately release classified The £4 supplement that could slash blood pressure - reducing stroke, dementia and heart attack risk RFK Jr. to be involved in oversight of health and agriculture departments under second Trump admin ​​​​​​​"Keep Grinding": Elon Musk's America PAC Will Continue Anti-Soros Push Ahead Of Special Elections & Midterms Johnny B Goode Russian Hypersonic Advances Remain Beyond Western Reach US Preps for War vs China, Dusts-Off Deserted WWII Air Bases Spain on high alert as deadly storms loom: new flood risks in Barcelona, Majorca, Ibiza. U.S. Publication Foreign Policy Says NATO Knows Ukraine Is Losing The War Red Lobster and TGI Fridays are closing. Heres whats moving in The United Nations is again warning of imminent famine in northern Gaza. Israeli Drone Attack Targets Aid Distribution Center in Syria Trump's new Cabinet picks, a Homan tribute, and Lizzo's giant toddler hand [Livestream in progress] Russia and Iran Officially Link Their National Banking Systems

Science/Tech
See other Science/Tech Articles

Title: Internet flaw could let hackers take over the Web
Source: Breitbart
URL Source: http://www.breitbart.com/article.ph ... 124916.zxdxcmkx&show_article=1
Published: Jul 10, 2008
Author: AFP
Post Date: 2008-07-10 06:54:34 by Ada
Keywords: None
Views: 122
Comments: 2

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web. Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

"It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call.

"You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."

The flaw would be a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.

Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.

Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

On Tuesday the US Computer Emergency Readiness Team (CERT), a joint government-private sector security partnership, issued a warning to underscore the serious of so-called DNS "cache poisoning attacks" the vulnerability could allow.

"An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services," CERT said.

"Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control."

"People should be concerned but they should not be panicking," Kaminsky said. "We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before."

Kaminsky built a web page, http://www.doxpara.com, where people can find out whether their computers have the DNS vulnerability.

Kaminsky was among about 16 researchers from around the world who met in March at Microsoft's campus in Redmond, Washington, to figure out what to do about the flaw.

"I found it completely by accident," Kaminsky said. "I was looking at something that had nothing to do with security. This one issue affected not just Microsoft and Cisco, but everybody."

The cadre of software wizards charted an unprecedented course, creating a patch to release simultaneously across all computer software platforms.

"This hasn't been done before and it is a massive undertaking," Kaminsky said.

"A lot of people really stepped up and showed how collaboration can protect customers."

Automated updating should protect most personal computers. Microsoft released the fix in a software update package Tuesday.

A push is on to make sure company networks and Internet service providers make certain their computer servers are impervious to web traffic hijackings using the DNS attack.

The patch can't be "reverse engineered" by hackers interested in figuring out how to take advantage of the flaw, technical details of which are being kept secret for a month to give companies time to update computers.

"This is a pretty important day," said Jeff Moss, founder of a premier Black Hat computer security conference held annually in Las Vegas.

"We are seeing a massive multi-vendor patch for the entire addressing scheme for the internet - the kind of a flaw that would let someone trying to go to http://Google.com be directed to wherever an attacker wanted."

Hackers using the vulnerability to attack company computer networks would also be able to capture email and other business data.

Kaminsky alerted US national security agencies to the crack in cyber warfare defenses.

"This really shows the value-add of independent security researchers," said former Department of Homeland Security National Cyber Security Division director Jerry Dixon.

Post Comment   Private Reply   Ignore Thread  

#1. To: Ada (#0)

Something is wrong with this article. Think about it.

Law Enforcement Against Prohibition

"There is no 'legitimate' Corporation by virtue of it's very legal definition and purpose."
-- IndieTx

"Corporation: An entity created for the legal protection of its human parasites, whose sole purpose is profit and self-perpetuation." © IndieTx

IndieTX  posted on  2008-07-10   7:37:52 ET  Reply   Trace   Private Reply  

www.doxpara.com/

Lod  posted on  2008-07-10   9:13:22 ET  Reply   Trace   Private Reply  

[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]