Dan Kaminsky, a director at IOActive, believes there are some major flaws on the Internet that need to be fixed to stop hackers from diverting users to fake websites where personal and financial information can be stolen. Kaminsky intends to layout details at a security conference in Las Vegas next week.
The New York Times reports that Kaminsky has discovered a problem with the Domain Name System, a kind of automated phone book that converts human-friendly addresses like google.com into machine-friendly numeric counterparts.
The newspaper said the flaw in this system can easily allow criminals to redirect web traffic to an impostor site set up to steal the user's name and password. Some major Internet service providers, such as Comcast and Verizon, said that a software patch is already in place, and At&T said it is working on the problem. But the issue is global, and many users are still vulnerable.
For more on this threat:
- see the New York Times article [1]
Links:
[1] http://www.nytimes.com/2008/07/30/technology/30flaw.html?_r=1&hp&oref=slogin