9th July 2008
A serious security flaw that could have put customers of commercial websites at serious risk of fraud has been fixed, according to software engineers.
The weakness affects the Domain Name System (DNS), through which internet-connected computers convert web addresses written in words to a series of numbers. Left unchecked, it would have allowed criminals to 'spoof' almost any website and hijack its traffic – even when the visitor had typed in the correct address.
Security researcher Dan Kaminsky discovered the problem by accident six months ago, since when he has been working secretly to find a fix, alongside a team of experts and software firms such as Microsoft, Cisco and Yahoo.
The silence was broken today, with the simultaneous release of security updates across software providers.
"This hasn't been done before and it is a massive undertaking," Kaminsky said, quoted by BBC News.
Businesses have been advised to make sure that their IT systems are protected by the latest security updates from their software provider.
Most personal computer users should receive the necessary patches automatically as part of their regular updates. Windows users can check that their computers are patched by visiting Windows Update.
Major net bug 'fixed'
The weakness affects the Domain Name System (DNS), through which internet-connected computers convert web addresses written in words to a series of numbers. Left unchecked, it would have allowed criminals to 'spoof' almost any website and hijack its traffic – even when the visitor had typed in the correct address.
Security researcher Dan Kaminsky discovered the problem by accident six months ago, since when he has been working secretly to find a fix, alongside a team of experts and software firms such as Microsoft, Cisco and Yahoo.
The silence was broken today, with the simultaneous release of security updates across software providers.
"This hasn't been done before and it is a massive undertaking," Kaminsky said, quoted by BBC News.
Businesses have been advised to make sure that their IT systems are protected by the latest security updates from their software provider.
Most personal computer users should receive the necessary patches automatically as part of their regular updates. Windows users can check that their computers are patched by visiting Windows Update.
Tags: Online
- 21st November 2008 Official retail figures 'hide tough condition', says BRC
- 20th November 2008 Entrepreneurs 'should be school governors'
- 19th November 2008 Small businesses urged to register hazardous substances
Delicious
Digg
reddit
Facebook
StumbleUpon