Internet security gap plugged in secret

It's the online world's great good fortune that security boffin Dan Kaminsky discovered the inherent security flaw in the internet and immediately set about fixing it in secret.

Six months ago found a vulnerability a flaw in the domain name system (DNS) by accident. He immediately consulted techies at some of the world's biggest technology companies - including Microsoft, Sun and Cisco - and worked in secret with a team to come up with a fix, which has just been released.

The security risk arose from the way in which the domain name system (DNS) converts addresses written in alphabetic characters (such as www.telecomseurope.net) into IP addresses, which are used to route traffic across the internet.

The flaw would have allowed criminals to intercept internet addresses input by users and redirect their browsers to fake web sites, such as for banking or purchases to gain bank account, credit card and other personal details - a global phishing phest, no less.

For once, claims of an unprecedented situation are entirely accurate and the likes of Microsoft and Cisco are helping distribute the software patch developed to plug the gap.

According to the BBC, technical details are being kept secret for another month to give companies a chance to update their computers, before malicious hackers try to unpick the patch.

Personal computers should get the patch through automated updates. Microsoft released its patch on 8 July as part of its usual security cycle.

It remains to  be seen if loopholes remain and how fast ill doers are to exploit them.

Suggested Articles

Wireless operators can provide 5G services with spectrum bands both above and below 6 GHz—but that doesn't mean that all countries will let them.

Here are the stories we’re tracking today.

The 5G Mobile Network Architecture research project will implement two 5G use cases in real-world test beds.