Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.
Major software and hardware makers worked in secret for months to create a software “patch” released on Tuesday to repair the problem, which lies in the way computers are routed to Web page addresses. Automated updating should protect most PCs.
“It’s a very fundamental issue with how the entire addressing scheme of the Internet works,” Securosis analyst Rich Mogul said in a media conference call. “You’d have the Internet, but it wouldn’t be the Internet you expect. [Hackers] would control everything.”
The flaw would be a boon for “phishing” cons that involve leading people to imitation Web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.
Attackers could use the vulnerability to route Internet users wherever they wanted no matter what Web site address is typed into a Web browser.
Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.
DNS is used by every computer that links to the Internet and works along the lines of a telephone system routing calls to proper numbers, in this case the online numerical addresses of Web sites.
“People should be concerned but they should not be panicking,” Kaminsky said. “We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before.”
Kaminsky built a Web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability.
Kaminsky was among about 16 researchers from around the world who met in March at Microsoft’s campus in Washington to figure out what to do about the flaw.
“I found it completely by accident,” he said. “I was looking at something that had nothing to do with security. This one issue affected not just Microsoft and Cisco, but everybody.”
A push is on to make sure company networks and Internet service providers make certain their computer servers are impervious to hijackings using the DNS attack.
CHANGE OF MIND: The Chinese crew at first showed a willingness to cooperate, but later regretted that when the ship arrived at the port and refused to enter Togolese Republic-registered Chinese freighter Hong Tai (宏泰號) and its crew have been detained on suspicion of deliberately damaging a submarine cable connecting Taiwan proper and Penghu County, the Coast Guard Administration said in a statement yesterday. The case would be subject to a “national security-level investigation” by the Tainan District Prosecutors’ Office, it added. The administration said that it had been monitoring the ship since 7:10pm on Saturday when it appeared to be loitering in waters about 6 nautical miles (11km) northwest of Tainan’s Chiang Chun Fishing Port, adding that the ship’s location was about 0.5 nautical miles north of the No.
A Chinese freighter that allegedly snapped an undersea cable linking Taiwan proper to Penghu County is suspected of being owned by a Chinese state-run company and had docked at the ports of Kaohsiung and Keelung for three months using different names. On Tuesday last week, the Togo-flagged freighter Hong Tai 58 (宏泰58號) and its Chinese crew were detained after the Taipei-Penghu No. 3 submarine cable was severed. When the Coast Guard Administration (CGA) first attempted to detain the ship on grounds of possible sabotage, its crew said the ship’s name was Hong Tai 168, although the Automatic Identification System (AIS)
COORDINATION, ASSURANCE: Separately, representatives reintroduced a bill that asks the state department to review guidelines on how the US engages with Taiwan US senators on Tuesday introduced the Taiwan travel and tourism coordination act, which they said would bolster bilateral travel and cooperation. The bill, proposed by US senators Marsha Blackburn and Brian Schatz, seeks to establish “robust security screenings for those traveling to the US from Asia, open new markets for American industry, and strengthen the economic partnership between the US and Taiwan,” they said in a statement. “Travel and tourism play a crucial role in a nation’s economic security,” but Taiwan faces “pressure and coercion from the Chinese Communist Party [CCP]” in this sector, the statement said. As Taiwan is a “vital trading
‘STRONG GENERATION’: The DPP has alleged that the TPP legislator-at-large used his position to help businesses affiliated with his wife, siblings, children and in-laws Taiwan People’s Party (TPP) Legislator-at-large Wu Chun-cheng (吳春城), who has been accused of conflicts of interest related to his support for a “strong generation,” yesterday said he would resign from his post. The Act Promoting Development for Strong Generation Policies and Industries (壯世代政策與產業發展促進法) was passed on Jan. 7 to address aging through industrial development. It defines the “strong generation” as those aged 55 or older with the ability and willingness to work, and stipulates that the government is responsible for putting in place policies that help those in the aging population lead a better life. Wu, known for initiating the act, at
RSS