Unbeknownto the rest of us, according to the reports, major software and hardware makers worked in secret for months to create a software "patch" released on to repair the problem, which is in the way computers are routed to web page addresses. Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.
The hacker's results would have you on the internet , but it wouldn't be the Internet you expect. (Hackers) would control everything.
The flaw would be for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.
Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.
DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.
The US Computer Emergency Readiness Team (CERT), a joint government-private sector security partnership, issued a warning to underscore the serious of so-called DNS "cache poisoning attacks" the vulnerability could allow.
"An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services," CERT said.
"Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control."
There is a web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability.
Hackers using the vulnerability to attack company computer networks would also be able to capture email and other business data.
0 comments:
Post a Comment