Hackers get hold of critical Internet flaw

News Flash

Don't expect any slowdown in power biz through 2009
Will buy firms that can't achieve financial closure
Sitting on enough cash to pick up stake in new projects
Budge Budge unit to be on-stream ahead of schedule
Seeks increase in duty drawbacks and DEPB by 3%
Wants a minimum ceiling of 7% on export credit
Needs an additional 2% interest subvention
Bags order from Southern Railways worth Rs.110cr
India fairly insulated due to robust domestic demand
Pvt held business owners with 83% level of optimism
Travel and tourism remains relatively insulated
Majority of countries view 2009 as a difficult year
Fitch withdraws rating on Jindal Stainless
L&T bags order worth Rs.1100 crores
Key clients confidence is shaken in Satyam
Satyam could become vulnerable for acquisition
Satyam could face pricing pressure due to the situation
100 people a diminutive no.; not indicative of anything
Software, BPO staff among those planning to quit: Srcs
Resignations seen in lower, mid level management: Srcs
100 more may resign; to wait for board meet on 10th: Srcs
120 employees resign post Maytas fiasco: Sources
Senior mgmt unhappy with board decisions: Sources
To consider acquisition of housing finance co on Jan 8
Punj Lloyd wins order worth Rs 264cr for Sikkim Airport
Q2 Net Sales at Rs. 214.79cr vs Rs.162.71cr (QoQ)
Q2 PAT at Rs.31.03cr vs Rs.15cr (QoQ)
Nod for Gabapentin capsule from Health Canada
Expect Wipro to miss guidance in Q3
50% weight of Index under stress for Q3 earnings

Updated: 25/07/2008 | 10:45 AM IST

Top Stories

Agence France Presse

Friday, July 25, 2008 (San Francisco)

Blog

Comments:

Read (0)

Post

Rate the story

Internet security researchers have warned that hackers have caught on to a "critical" flaw that lets them control traffic on the Internet.

An elite squad of computer industry engineers that laboured in secret to solve the problem released a software "patch" two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks.

"We are in a lot of trouble," said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.

"This attack is very good. This attack is being weaponised out in the field. Everyone needs to patch, please," Kaminsky said. "This is a big deal."

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

The vulnerability allows "cache poisoning" attacks that tinker with data stored in computer memory caches that relay Internet traffic to its destination.

Attackers could use the vulnerability to route Internet users wherever the hackers wanted, no matter what website address is typed into a web browser.

The threat is greatest for business computers handling online traffic or hosting websites, according to security researchers.

The flaw is a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.