Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Security Fixes and Improvements

Security Fixes and Improvements

DNS Flaw Finally Fixed

It was discovered 6 months ago

By George Craciun, Security News Editor

9th of July 2008, 11:59 GMT

Adjust text size:


Industry pulls together to fix DNS vulnerability
Enlarge picture
The DNS flaw refers to the way web page addressing is handled on the Internet, and the one who discovered it by accident was Dan Kaminsky. An attacker can take advantage of this security issue and redirect the user to any site, no matter what address the user is trying to access. It would be a great opportunity for someone with malicious intent to set up a fake site and get your private data (phishing). The worst thing is that the flaw affects all platforms, no matter the vendor they came from.
A fix was issued by the industry yesterday, the 9th of July.

DNS (short for Domain Name System) works like this: whenever you type an address into your browser, that name is converted into a series of numbers so that your request can be properly routed. For example the ICANN.org web page turns into 208.77.188.103.

Dan Kaminsky comments: "It is a fundamental issue affecting the design. Because the system is behaving exactly like it is supposed to behave, the same bug will show up in vendor after vendor after vendor. This one bug affected not just Microsoft ... not just Cisco, but everyone. People should be concerned but they should not be panicking."

Phishing stands to win the most from such a vulnerability. Instead of accessing your bank's web page for example, you will be redirected to another site that looks the same, but was set up by someone with malicious intentions. You will not be aware of the fact that you have been redirected and you will provide the phishing site with all your private information.

Rich Mogul from Securiosis comments: "It's a very fundamental issue with how the entire addressing scheme of the Internet works. You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."

This is the first time that a vulnerability of this magnitude comes to light. The industry has been working hard for the past six months and a patch has been made available.

TAGS:

 DNS | phishing | vulnerability


Rating:
NOT RATED 0 vote(s) so far    

Read by 542 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Can IT Security Companies Go Green?

The IT World Plagued by Data Leaks

Keep Your Network Safe from the Beijing Olympics

Mozilla Pushes for New Security Metrics

MSN Flooded with Spam and Phishing Attempts

UK Hacker Gets 9 Years for Bank Fraud

Mozilla: Firefox Is Superior to IE, Opera and Safari

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

You are not logged on. Please provide your name and email address.
Log on to get your comments posted and visible instantly.
Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive