Scary Internet Security Story of the Day

• Views: 1,887

The serious bug discovered recently in most of the world’s DNS servers has even greater implications, according to security expert Dan Kaminsky: Major Internet security flaw also affects e-mail.

LAS VEGAS - A newly discovered flaw in the Internet’s core infrastructure not only permits hackers to force people to visit Web sites they didn’t want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday. …

Dan Kaminsky of Seattle-based security consultant IOActive Inc. exposed a giant vulnerability in the Internet’s design that, in one case, allowed hackers to reroute some computer users in Texas to a fake google.com site loaded with automated advertisement-clicking programs, a scam to generate profits for the hackers from those clicks. The flaw wasn’t in the site itself, it was in the back-end machines responsible for guiding computers to that site.

The vulnerability Kaminsky found is especially insidious because it allows criminals to tamper with machines whose reliability and trustworthiness is critical for the Internet to function properly. …

While some details leaked out early — security researchers accurately guessed parts of Kaminsky’s discovery — he was able to keep a few juicy bits secret until the talk.

One of those was the susceptibility of many e-mail servers to the DNS vulnerability, an opening that gives criminals a way to plant themselves in the middle of the transmission from the sender to the recipient and redirect messages to their own servers, Kaminsky said. The result: criminals have a way not only to comb through the contents of those messages, but also to gain access to other password-protected Web sites the victims belong to.

That’s because most sites have a feature that allows members to retrieve their passwords by e-mail if they’ve forgotten them. If a criminal has access to the account where that message is sent, he can then begin snooping on the contents of that account, from e-mail, to banking, to retailer sites.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT
LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Cash.app
Recent PagesClick to refresh