Newly revealed Web flaw is magnet for crooks

By Associated Press / August 6, 2008

SAN FRANCISCO - A giant vulnerability in the Internet's design is allowing criminals to silently redirect traffic to websites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk.

The gaping security hole enables a scam that targets ordinary people typing in a legitimate Web address. It happens because hackers are now able to manipulate the machines that help computers find websites. If the trick is done properly, computer users are unlikely to detect whether they've landed at a legitimate site or a malicious double maintained by someone bent on fraud.

Security experts fear an open season for virus attacks and identity-fraud scams.

"It's kind of like saying, 'There's a bunch of money on the street. If you can get over there soon enough, you can get it,' " said Ken Silva, chief technology officer for VeriSign Inc., which manages the ".com" and ".net" directories of Internet addresses. "It's something the industry is taking seriously. You'd be in a bad place if you weren't doing something about it."

The bug's existence was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing some AT&T Inc. Internet customers in Texas to a fake Google site. The phony page was accompanied by three programs that automatically clicked on ads, with the profits for those clicks flowing back to the hackers.

The underlying flaw is in the Domain Name System (DNS), a network of millions of servers that translate words typed into Web browsers into numerical codes that computers can understand.

A computer user in San Francisco might type www.yahoo.com and head straight to the real Yahoo site, while at the same moment, a user in New York - whose traffic is routed through different DNS servers - might type that same Web address and end up on a phony duplicate site.

Scant details have been available about how the vulnerability works.

The researcher who discovered it, Dan Kaminsky of Seattle-based computer security consultant IOActive Inc., said July 8 that he'd found a major weakness in DNS.

Kaminsky kept the rest secret because he wanted to give companies that run vulnerable servers a month to apply patches - software tweaks that cover the security hole.

More details about the vulnerability are expected to emerge today, when Kaminsky speaks at the Black Hat computer security conference in Las Vegas.
