Connect with us

Hi, what are you looking for?

Capital Business
Capital Business

World

Internet flaw could let hackers take over the Web

SAN FRANCISCO, July 9  – Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.

Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

"It\’s a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call.

"You\’d have the Internet, but it wouldn\’t be the Internet you expect. (Hackers) would control everything."

The flaw would be a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.

Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.

Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

"People should be concerned but they should not be panicking," Kaminsky said. "We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before."

Advertisement. Scroll to continue reading.

Kaminsky built a web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability.

Kaminsky was among about 16 researchers from around the world who met in March at Microsoft\’s campus in Redmond, Washington, to figure out what to do about the flaw.

"I found it completely by accident," Kaminsky said. "I was looking at something that had nothing to do with security. This one issue affected not just Microsoft and Cisco, but everybody."

The cadre of software wizards charted an unprecedented course, creating a patch to release simultaneously across all computer software platforms.

"This hasn\’t been done before and it is a massive undertaking," Kaminsky said.

"A lot of people really stepped up and showed how collaboration can protect customers."

Automated updating should protect most personal computers. Microsoft released the fix in a software update package Tuesday.

A push is on to make sure company networks and Internet service providers make certain their computer servers are impervious to web traffic hijackings using the DNS attack.

The patch can\’t be "reverse engineered" by hackers interested in figuring out how to take advantage of the flaw, technical details of which are being kept secret for a month to give companies time to update computers.

Advertisement. Scroll to continue reading.

"This is a pretty important day," said Jeff Moss, founder of a premier Black Hat computer security conference held annually in Las Vegas.

"We are seeing a massive multi-vendor patch for the entire addressing scheme for the internet – the kind of a flaw that would let someone trying to go to Google.com be directed to wherever an attacker wanted."

Hackers using the vulnerability to attack company computer networks would also be able to capture email and other business data.

Kaminsky alerted US national security agencies to the crack in cyber warfare defenses.

"This really shows the value-add of independent security researchers," said former Department of Homeland Security National Cyber Security Division director Jerry Dixon.

News of the problem and the patch is being shared with other countries.

"What Dan\’s done is really significant for the entire stability of the Internet," Moss said.

"I don\’t even want to ask how much money he would have gotten for this bug if he wanted to sell it. Instead he brought it to light; I\’m definitely buying Dan a beer."

Advertisement. Scroll to continue reading.
Click to comment
Advertisement

More on Capital Business

Executive Lifestyle

NAIROBI, Kenya, Mar 12 – The country’s super wealthy individuals are increasing their holding of bonds, gold and cash, a new report by Knight...

Ask Kirubi

NAIROBI, Kenya, Mar 9 – Businessman and industrialist Dr. Chris Kirubi has urged members of the public to exercise extreme caution when making any...

Ask Kirubi

NAIROBI, Kenya, Mar 24 – Businessman and industrialist Dr. Chris Kirubi is set to own half of Centum Investment Company PLC, following a go-ahead...

Ask Kirubi

It is without a doubt that the COVID-19 pandemic has caught the whole world by surprise. Although its full impact is yet to be...

Headlines

NAIROBI, Kenya, Mar 18 – Commercial Banks have been ordered to provide relief to borrowers on their personal loans, with loans eligible from March...

Kenya

NAIROBI, Kenya, Jun17 – Kenya’s tea leaves manufacturer Kericho Gold, has been awarded the Superbrands Seal by Superbrands East Africa for their quality variety...

Coronavirus

NAIROBI, Kenya, Apr 13 – As the local telecommunications industry gears up to roll out 5G networks in the country, the Communications Authority of...

Coronavirus

NAIROBI, Kenya, Mar 22 – Airtel Kenya is offering free internet access for students in order to enable continued learning at home in the...