





The vulnerability allows "cache poisoning" attacks that tinker with data stored in
computer memory caches that relay Internet traffic to its destination.
Attackers could use the vulnerability to route Internet users wherever the
hackers wanted, no matter what website address is typed into a web browser.
The threat is greatest for business computers handling online traffic or hosting
websites, according to security researchers.
The flaw is a boon for "phishing" cons that involve leading people to imitation
web pages of businesses such as banks or credit card companies to trick them
into disclosing account numbers, passwords and other information.
"I was not intentionally seeking to cause anything that could break the Internet,"
Kaminsky said Thursday during a conference call with peers and media. "It's a
little weird to talk about it out loud."
Kaminsky built a web page, www.doxpara.com, where people can find out
whether their computers have the DNS vulnerability. As of Thursday, slightly
more than half the computers tested at the website still needed to be patched.
"People are spending tens of thousands of hours getting this patch out the
door," Kaminsky said.
The US Computer Emergency Readiness Team (CERT), a joint
government-private sector security partnership, is among the chorus urging
people to quickly protect computers linked to the Internet.
"Just like you should wear a seat belt going down the road to be safe in a car
accident, the same applies here," said Jerry Dixon, a former director of cyber
security at the US Department of Homeland Security.
"The patch is your seat belt. The exploit is out there and you definitely need to
take precautions. Now is not the time to keep waiting."
Two "exploits," software snippets that take advantage of the vulnerability, have
been unleashed on the Internet in the past 24 hours, Securosis analyst Rich
Mogull said during the conference call.
"The threat is there," Mogull said.