Major Internet security flaw also affects e-mail

August 7, 2008 – 5:57 AM

A newly discovered flaw in the Internet’s core infrastructure not only permits hackers to force people to visit Web sites they didn’t want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.

Considering the silent nature of the attack and the sensitive nature of a lot of electronic correspondence, the potential for damage from this second security flaw is high. But there’s no evidence yet that this method of targeting e-mail has been used in a successful attack.

Dan Kaminsky of Seattle-based security consultant IOActive Inc. exposed a giant vulnerability in the Internet’s design that, in one case, allowed hackers to reroute some computer users in Texas to a fake site loaded with automated advertisement-clicking programs, a scam to generate profits for the hackers from those clicks.

The flaw wasn’t in the site itself, it was in the back-end machines responsible for guiding computers to that site.

The vulnerability Kaminsky found is especially insidious because it allows criminals to tamper with machines whose reliability and trustworthiness is critical for the Internet to function properly.

Kaminsky, who spoke Wednesday at the Black Hat hacker conference in Las Vegas, has given few details publicly about the vulnerability he found in the Domain Name System (DNS), a network of servers used to connect computers to Web sites.


You must be logged in to post a comment.