Critical Internet fault patched

The Feedster

Regular Member
Joined
Jun 26, 2007
Messages
26,190
Reaction score
6
Points
0
Age
59
generic-internet-200-200.jpg
A security flaw in the way computers looks up web addresses could have brought the internet to its knees, according to researchers, who have worked with major companies to patch the problem.

A DNS flaw involving the way in which someone could effectively re-route a request for a webpage to a malware 'trap' site was spotted by IOActive's Dan Kaminsky - who took the problem to major players like Microsoft, Sun and Cisco.

The companies collaborated on a solution and the latest software updates should patch the problem, according to the US Computer Emergency Readiness Team.

Cache poisoning

"An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services," CERT said.

"Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control."

Kaminsky told AFPthat the problem was on a scale not seen in the past.

"People should be concerned but they should not be panicking," Kaminsky said. "We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before."

mf.gif



More...
 
Top