Thursday, August 07, 2008

Hole in the Web

Thursday August 7, 2008

Internet Flaw
Experts fear open season for virus attacks, fraud scams

SAN FRANCISCO — A giant vulnerability in the Internet is allowing criminals to silently redirect traffic to websites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk.

The security hole enables a scam that targets ordinary people who type in a legitimate Web address. But hackers can manipulate the machines that help computers find websites.

If the trick is done properly, computer users are unlikely to detect whether they’ve landed at a legitimate site or an evil twin run by someone bent on fraud.

The flaw was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing AT&T customers in Texas to a fake Google site.

The phony page was accompanied by three programmes that automatically clicked on ads, with profits for those clicks going to the hackers.

Said Mr Paul Vixie, president of Internet Systems Consortium, a non-profit software publisher: “This is the mother lode, from the point of view of criminals looking for easier access to other people’s money and secrets.”

The flaw is in the Domain Name System (DNS), a network of servers that translates words typed into browsers into numbers that computers understand. By adding bad information to the packets of data passing through DNS servers, hackers can swap the address of a legitimate website for a malicious website.

Security experts now fear an open season for virus attacks and identity-fraud scams. “It’s like saying: `There’s a bunch of money on the street. If you can get over there soon enough, you can get it,”’ said VeriSign chief technology officer Ken Silva. AP
Post a Comment