[Infowarrior] - Leaks in Patch for Web Security Hole

Richard Forno rforno at infowarrior.org
Mon Aug 11 12:22:56 UTC 2008



Begin forwarded message:

> From: Monty Solomon <monty at roscom.com>
>
> Leaks in Patch for Web Security Hole
>
> By JOHN MARKOFF
> The New York Times
> August 9, 2008
>
> SAN FRANCISCO - Faced with the discovery of a serious flaw in the
> Internet's workings, computer network administrators around the world
> have been rushing to fix their systems with a cobbled-together patch.
> Now it appears that the patch has some gaping holes.
>
> On Friday, a Russian physicist demonstrated that the emergency fix to
> the basic Internet address system, known as the Domain Name System,
> is vulnerable and will almost certainly be exploited by criminals.
>
> The flaw could allow Internet traffic to be secretly redirected so
> thieves could, for example, hijack a bank's Web address and collect
> customer passwords.
>
> In a posting on his blog, the physicist, Evgeniy Polyakov, wrote that
> he had fooled the software that serves as the Internet's telephone
> book into returning an incorrect address in just 10 hours, using two
> standard desktop computers and a high-speed network link. Internet
> experts who reviewed the posting said the approach appeared to be
> effective.
>
> ...
>
> http://www.nytimes.com/2008/08/09/technology/09flaw.html?partner=rssuserland&emc=rss&pagewanted=all



More information about the Infowarrior mailing list