Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.
Major software and hardware makers worked in secret for months to create a software “patch” released on Tuesday to repair the problem, which lies in the way computers are routed to Web page addresses. Automated updating should protect most PCs.
“It’s a very fundamental issue with how the entire addressing scheme of the Internet works,” Securosis analyst Rich Mogul said in a media conference call. “You’d have the Internet, but it wouldn’t be the Internet you expect. [Hackers] would control everything.”
The flaw would be a boon for “phishing” cons that involve leading people to imitation Web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.
Attackers could use the vulnerability to route Internet users wherever they wanted no matter what Web site address is typed into a Web browser.
Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.
DNS is used by every computer that links to the Internet and works along the lines of a telephone system routing calls to proper numbers, in this case the online numerical addresses of Web sites.
“People should be concerned but they should not be panicking,” Kaminsky said. “We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before.”
Kaminsky built a Web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability.
Kaminsky was among about 16 researchers from around the world who met in March at Microsoft’s campus in Washington to figure out what to do about the flaw.
“I found it completely by accident,” he said. “I was looking at something that had nothing to do with security. This one issue affected not just Microsoft and Cisco, but everybody.”
A push is on to make sure company networks and Internet service providers make certain their computer servers are impervious to hijackings using the DNS attack.
Authorities have detained three former Taiwan Semiconductor Manufacturing Co (TMSC, 台積電) employees on suspicion of compromising classified technology used in making 2-nanometer chips, the Taiwan High Prosecutors’ Office said yesterday. Prosecutors are holding a former TSMC engineer surnamed Chen (陳) and two recently sacked TSMC engineers, including one person surnamed Wu (吳) in detention with restricted communication, following an investigation launched on July 25, a statement said. The announcement came a day after Nikkei Asia reported on the technology theft in an exclusive story, saying TSMC had fired two workers for contravening data rules on advanced chipmaking technology. Two-nanometer wafers are the most
NEW GEAR: On top of the new Tien Kung IV air defense missiles, the military is expected to place orders for a new combat vehicle next year for delivery in 2028 Mass production of Tien Kung IV (Sky Bow IV) missiles is expected to start next year, with plans to order 122 pods, the Ministry of National Defense’s (MND) latest list of regulated military material showed. The document said that the armed forces would obtain 46 pods of the air defense missiles next year and 76 pods the year after that. The Tien Kung IV is designed to intercept cruise missiles and ballistic missiles to an altitude of 70km, compared with the 60km maximum altitude achieved by the Missile Segment Enhancement variant of PAC-3 systems. A defense source said yesterday that the number of
A bipartisan group of US representatives have introduced a draft US-Taiwan Defense Innovation Partnership bill, aimed at accelerating defense technology collaboration between Taiwan and the US in response to ongoing aggression by the Chinese Communist Party (CCP). The bill was introduced by US representatives Zach Nunn and Jill Tokuda, with US House Select Committee on the Chinese Communist Party Chairman John Moolenaar and US Representative Ashley Hinson joining as original cosponsors, a news release issued by Tokuda’s office on Thursday said. The draft bill “directs the US Department of Defense to work directly with Taiwan’s Ministry of National Defense through their respective
Tsunami waves were possible in three areas of Kamchatka in Russia’s Far East, the Russian Ministry for Emergency Services said yesterday after a magnitude 7.0 earthquake hit the nearby Kuril Islands. “The expected wave heights are low, but you must still move away from the shore,” the ministry said on the Telegram messaging app, after the latest seismic activity in the area. However, the Pacific Tsunami Warning System in Hawaii said there was no tsunami warning after the quake. The Russian tsunami alert was later canceled. Overnight, the Krasheninnikov volcano in Kamchatka erupted for the first time in 600 years, Russia’s RIA
RSS