RSS
Email
SMS
Details Of A ‘Major’ Flaw In Internet Posted Online, Accidentally
(Rate this article)
Loading ...
A few days back, while surfing, I came across this piece of article that discussed how a researcher named Dan Kaminsky has figured out a flaw in the basic architecture of the Internet. The flaw, which appears in the DNS system allows for poison attacks. Dan had been working with Microsoft, Cisco and the Internet Consortium to patch the vulnerability. Dan had planned to disclose the vulnerability once he is done patching it up. He was planning to disclose the vulnerability in the Black Hat security conference to be held on August 6.
What happened was that some hackers and computer security enthusiasts took it on themselves to find the vulnerability before Dan announces it. On Monday, one of them, named Thomas Dullien who goes by the hacker name Halvar Flake (and is the CEO of Zynamics.com), took a guess at the bug. One of the vendors who have been briefed about the issue, Matasano Security, confirmed his view quickly in one of their blog posts reports CNET. The post said :
“The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat,”
The blog post, published at 1:30 pm was removed within 5 minutes. However, it was already doing the rounds of the Internet by then.
The vulnerability is related to the way the DNS clients and server IP information from each other. What happens when you type in www.WATBlog.com in your browser is that thebrowser sends the request for the website to a computer server known as the DNS server. The DNS server maps www.WATBlog.com to its IP address, which is the computer address of the machine where the WATBlog pages are stored. Now, if the DNS server in question does not knows the IP address of WATBlog.com, it passes the query to another DNS server. This is where the malicious injection can happen. A hacker can make the new web address to pint to some other website. For example, a user can make www.ICICIBank.com website to point to a phishing website. And as this can be done at ISP level, this means, all the users logging on to the infected website from a particular ISP will be moving to the new phishing website.
Dan declined to comment on whether Flaks as has discovered the flaw but had asked the administrators to patch this flaw as soon as possible.
Hope the bug is patched now and our readers do end up on our website only.
Leave a Comment and Follow the replies through Post Comment Feed