Knowledge Centre
9th July 2008
A serious security flaw that could have put customers of commercial websites at serious risk of fraud has been fixed, according to software engineers.
The weakness affects the Domain Name System (DNS), through which internet-connected computers convert web addresses written in words to a series of numbers. Left unchecked, it would have allowed criminals to 'spoof' almost any website and hijack its traffic – even when the visitor had typed in the correct address.
Security researcher Dan Kaminsky discovered the problem by accident six months ago, since when he has been working secretly to find a fix, alongside a team of experts and software firms such as Microsoft, Cisco and Yahoo.
The silence was broken today, with the simultaneous release of security updates across software providers.
"This hasn't been done before and it is a massive undertaking," Kaminsky said, quoted by BBC News.
Businesses have been advised to make sure that their IT systems are protected by the latest security updates from their software provider.
Most personal computer users should receive the necessary patches automatically as part of their regular updates. Windows users can check that their computers are patched by visiting Windows Update.
Major net bug 'fixed'
The weakness affects the Domain Name System (DNS), through which internet-connected computers convert web addresses written in words to a series of numbers. Left unchecked, it would have allowed criminals to 'spoof' almost any website and hijack its traffic – even when the visitor had typed in the correct address.
Security researcher Dan Kaminsky discovered the problem by accident six months ago, since when he has been working secretly to find a fix, alongside a team of experts and software firms such as Microsoft, Cisco and Yahoo.
The silence was broken today, with the simultaneous release of security updates across software providers.
"This hasn't been done before and it is a massive undertaking," Kaminsky said, quoted by BBC News.
Businesses have been advised to make sure that their IT systems are protected by the latest security updates from their software provider.
Most personal computer users should receive the necessary patches automatically as part of their regular updates. Windows users can check that their computers are patched by visiting Windows Update.
Tags: Online
Post to:
What are these?
No comments have been published yet.
- 20th January 2011 Unemployment figures hit 2.5 million
- 14th January 2011 Government 'must introduce fuel duty stabiliser'
- 7th January 2011 FSB call 'to reverse VAT rise'
Site by Acknowledgement