Tech giants unite to thwart web hijack risk

Rainmaker

Rainmaker

Rainmaker

Soldato
Joined
18 Aug 2007
Posts
9,916
Location
Liverpool
Sincere apologies in advance if this has already been posted. I have done several searches using various combinations (DNS, hijacking, addressing etc) and couldn't find anything... But if there hasn't already been a thread I'm quite surprised tbh :D

Anyway...

Internet giants have united to fix a serious flaw in the internet addressing system that might have let hackers hijack web traffic.
The big software and hardware makers worked in secret for months to create a software patch which has now been released to repair the glitch.
The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser. Dan Kaminsky, a security researcher at IOActive, stumbled upon the vulnerability in the domain name system (DNS) about six months ago and contacted industry giants including Microsoft, Sun Microsystems and Cisco to collaborate on a solution.
Click to expand...
The Times' HP Sauce.


Quite an interesting read, and the article contains a link to the website of the exploit's discoverer which contains a vulnerability checker for your own DNS. OpenDNS scans clean, but I haven't checked UK Online's. Has anybody else seen this? I'm no DNS expert but this could have caused a great deal of confusion (not to mention massive financial losses) had it broken into the wild.
 
this has broken in to the wild, it's been a problem for ages ( to the best of my knowledge )
it's all about just asking for the ip address of the website, and waiting for any one to come back with an answer....

Please correct me if i'm wrong ( as i would love to know )
 
cooljimy84 said:
this has broken in to the wild, it's been a problem for ages ( to the best of my knowledge )
it's all about just asking for the ip address of the website, and waiting for any one to come back with an answer....

Please correct me if i'm wrong ( as i would love to know )
Click to expand...

Pretty sure I read on BBC that they thought it hadn't been discovered by anyone else and they were withholding technical details for a week or two too allow for everyone to patch it.
 
You must log in or register to reply here.
Back
Top Bottom